Security & trust

The foundation,
not a feature.

Money and commission data demand institution-grade security. Every layer of the Sales Elite Engine was built for that weight — not checked against a list at launch.

Single-tenant by design

Each operator runs a dedicated instance of the engine with its own database. Your firm's data — claims, banking, settlements, audit history — never shares a database, a server, or a backup with another company's. There is no cross-operator query to misconfigure, because there is no shared store to query.

One instance, one database per operator. Separation between operators is physical — see the platform model.

Brand isolation

Every manufacturer's data is physically separate at the database level — not filtered, not hidden. Isolated. Another brand in the same program cannot access your claims, reports, AI verdicts, or seller data under any condition.

Enforced per-row in the database schema, not via application-layer permissions.

Full audit trail

Every action in the platform is logged with actor identity, timestamp, and the before/after state. Immutable. No action can be taken without a trail. Settlement executions, claim reversals, approval decisions, configuration changes — all logged.

Append-only audit log. Cannot be modified by any user role, including admin.

AES-256 banking encryption

Banking and payment data is encrypted at rest using AES-256-GCM. Keys are managed separately from the data. No plaintext banking information is ever stored in the primary database.

AES-256-GCM with envelope key management. Encrypted before write, decrypted only at read.

AI data handling

The AI verdict uses Anthropic's API under a commercial agreement — not the consumer Claude product. Claim data sent for analysis is not used to train models. Anthropic's data retention for API calls is 30 days, contractual.

Anthropic API (commercial) · data not used for training · 30-day retention policy.

Loi 25 / GDPR by default

Privacy compliance is designed in — not a checklist applied at launch. Versioned consent with immutable records, self-service rights portal with 30-day SLA, erasure that preserves audit integrity, designated Data Protection Officer contact, automated retention and pruning schedules, cross-border data handling documentation.

Loi 25 (Québec) + GDPR. Cross-border Canada/US handling documented. DPO designated.

SSO + role enforcement

Single sign-on via the operator's identity provider, with two-factor authentication. Four roles with strict capability boundaries: Seller (claim submission, own data), Manufacturer (their brand only), Admin (platform operations), Director (read-only oversight). Role assignment audited.

4 roles · SSO + 2FA · capability enforcement at the API layer.
Try it — the 2FA gate every account passes through (demo code: 123456)
Two-factor authentication

Enter your 6-digit code

Code from your authenticator app · Hint: 123456

Expires in 30s
Compliance summary

Designed for institutions. Operated by rep firms.

Rep firms operate as trusted intermediaries between manufacturers and their channels. The security posture of the engine matches that trust.

Loi 25 (Québec) Compliant by design
GDPR (EU) Compliant by design
Data encryption at rest AES-256-GCM
Tenancy Single-tenant, dedicated instance
Data isolation Database-level
Audit trail Immutable, append-only
AI data training Not used — contractual
Cross-border data (CA/US) Documented & managed

Questions about data handling?

We answer security questions directly in the presentation. No slides — a live walkthrough of the architecture.

Book a presentation