Security & Compliance

Enterprise-Grade Security

Your data is your alpha. We protect it with the same rigor you would expect from a prime broker — because we have built systems for them.

  • GDPR: Ready
  • SEC / FINRA: Compatible
  • CCPA: Compliant
  • SOC 2 Type II: In Progress

Security Features

Defense in Depth

Multiple layers of security controls protect your data at every stage of the pipeline — from ingestion to delivery.

TLS 1.3

Encryption in Transit

All data transmitted between clients and the platform is encrypted via TLS 1.3. Connections are mutually authenticated and sessions are time-limited. Storage-layer encryption configuration is documented per engagement.

RBAC + MFA

Role-Based Access Control

Granular RBAC with entity-level permissions. Control who sees what across funds, entities, and data domains. SSO integration available; MFA enforced for all production users.

Access Logs

Audit Logging

Data access, modification, and export events are logged with user identity, timestamp, and context. Audit log retention policy and review tooling are defined per engagement to match your regulatory framework.

Multi-Region

Data Residency

Deployment region is agreed at contract. US-based deployment is standard. EU and APAC options available for clients with jurisdiction-specific data sovereignty requirements.

NDA Docs

Security Review Program

Security architecture documentation, data flow diagrams, and completed vendor security questionnaire responses are provided to qualified prospects under NDA. SOC 2 Type II audit currently in progress with a qualified independent auditor — target report H2 2026.

Active

Responsible Disclosure

We operate a responsible disclosure program. Security findings reported through our contact channel are reviewed and acknowledged within 48 hours. Vulnerability scanning runs continuously across the production stack.

Compliance

Built for Regulated Industries

Alternative asset managers face unique regulatory requirements. PLEXI is architected to support SEC, FINRA, and GDPR compliance from the ground up — not as an afterthought.

  • Immutable audit logs with complete data lineage for regulatory review
  • Automated compliance reporting for SEC Form PF, CPO-PQR, and AIFMD
  • Data subject access requests (DSAR) handled through built-in governance tools
  • Configurable data retention policies per jurisdiction and entity
  • Real-time monitoring and alerting on compliance-relevant data changes

Certifications & Standards

GDPR

Ready

Data processing agreements, EU data residency, DSAR workflows, and right-to-erasure support.

SEC / FINRA

Compatible

Books and records retention compatible with Rule 17a-4. Complete audit trail and granular access controls.

CCPA

Compliant

California consumer privacy compliance with automated handling and disclosure capabilities.

SOC 2 Type II

In Progress

Type II audit currently in progress with a qualified independent auditor. Audit firm name and current control set available under NDA. Target report H2 2026.

Request Security Documentation

We share security architecture documentation, data flow diagrams, and completed vendor security questionnaire responses under NDA. SOC 2 Type II audit is in progress, target report H2 2026 — reach out for current control set.