Trust Center
Intrepid processes sensitive financial documents on behalf of brokers, lenders, and institutions. This page explains exactly how we protect that data, what we do with it, and the independent standards we hold ourselves to.
Underway
Aligned
Framework
AES-256
Field-level encryption
TLS
Encryption in transit
35-day
Backup retention window
30-day
AI provider log maximum
Security Overview
Sensitive financial documents require more than a single safeguard. Our platform applies layered, independent controls so that no single failure exposes customer data.
High-value personally identifiable information is encrypted at the application layer before it is ever written to the database. This means a database export alone does not expose readable PII.
All data moving between your browser, our platform, and any third-party processors travels over TLS. Unencrypted connections are rejected.
Encryption keys rotate on a scheduled cycle. Historical data is progressively re-encrypted with current keys, minimizing exposure from any single key generation.
Least-privilege principles govern access to production systems. Administrative access is restricted to authorized personnel and every access event is logged and monitored.
All uploaded documents are scanned before they enter storage. Periodic scans of production systems run continuously in the background as an additional line of defense.
A multi-layer backup strategy combines daily full-system snapshots with offsite database and file backups. A 35-day retention window enables recovery from accidental or malicious deletion.
Development Practice
How software is built is just as important as how it is deployed. Our development process is structured to keep credentials out of source code, changes reviewed before they ship, and dependency risks caught automatically.
Credentials and secrets are never stored in source code repositories. Sensitive values are injected at build time through protected pipeline variables.
Every code change requires peer review and approval before merging. No engineer can approve their own changes.
Automated dependency scanning runs on every build, flagging vulnerable third-party libraries before they reach production.
Developer access to production systems is scoped to the minimum required, audited on a recurring basis, and revoked promptly upon role changes.
Financial document workflows are secured through isolated processing environments. Only the minimum necessary data is ever exposed to any external service.
Production access is logged, monitored, and subject to administrative controls that limit and record who interacts with live customer data.
Responsible AI Use
Our platform uses artificial intelligence to extract structured information from financial documents. That is the full extent of its role.
Our AI platform is designed to extract structured information from financial documents, not to make eligibility, credit, underwriting, employment, or other consequential decisions about individuals. AI-generated outputs are structured data points returned to the customer for their own downstream use. The platform does not generate recommendations, render judgments, or apply decision logic to any individual's situation.
We do not discriminate. Our document analysis functionality is applied uniformly and does not factor in race, color, national origin, religion, sex, age, disability, familial status, or any other protected characteristic. The system processes document structure and financial fields, not individual identity attributes. We do not use our platform to screen, score, profile, or rank individuals for lending, employment, housing, insurance, or any other purpose governed by applicable anti-discrimination law.
Transaction records, account balances, account identifiers, financial statement fields, tax form data, and other structured financial information present in uploaded documents.
AI does not make lending decisions, generate credit opinions, score applicants, create individual profiles, perform marketing analysis, or train any model on your documents.
Operational Integrity
No system is immune to bugs or operational anomalies. What matters is how they are detected, triaged, and resolved. Here is our process.
We maintain system-level monitoring and structured logging across our production environment. Automated alerts flag anomalies in behavior, performance, or data processing before customers are typically aware of an issue.
Issues reported by customers, including suspected calculation errors, unexpected outputs, or system behavior that does not match expectations, are received through designated support channels and logged immediately for investigation.
Every reported issue is assigned a severity level based on its impact on customer operations and data integrity. Issues affecting data accuracy, financial calculations, or security receive the highest priority and are escalated directly to the engineering team.
The engineering team investigates root cause, applies a fix through our standard code review and release process, and validates the resolution before it is deployed. No fix ships without peer review.
Issues that affected customer-facing outputs are communicated through designated support channels. We do not close a customer-reported issue without confirming that the underlying problem has been resolved and, where appropriate, explaining what changed.
Data Storage & Retention
Customer data is processed within a secure, encrypted environment and used solely to provide document analysis functionality. The table below summarizes our approach to each category of data we handle.
Data category
Uploaded financial documents
Bank statements, tax returns, financial statements
Storage approach
Cloud object storage with server-side encryption and versioning enabled
Retention
Trains AI?
Data category
Extracted structured data
Transactions, balances, account fields
Storage approach
Encrypted application database; high-value PII encrypted at field level before write
Retention
Trains AI?
Data category
AI provider operational logs
Request/response logs retained by AI provider
Storage approach
Retained by AI provider for operational monitoring and abuse prevention only
Retention
Trains AI?
Data category
System and access logs
Login events, API calls, administrative access
Storage approach
Retained for security monitoring, audit trail, and incident investigation
Retention
Trains AI?
Data category
Backup archives
Full system and database backups
Storage approach
Offsite encrypted storage with version history; 35-day retention window for recovery from deletion or ransomware
Retention
Trains AI?
We do not sell customer data. We do not share customer data for advertising purposes. We do not use customer data to train any AI model, whether our own or a third-party provider's. Customer documents are processed solely to provide the analysis functionality requested.
If you have questions about how we handle your data, want to report a security concern, or need documentation for your own compliance review, we want to hear from you.
Privacy & Security Contact
Phone
Mailing Address
This page reflects Intrepid Finance's current security posture and practices. Last reviewed April 2026.