Security policy

We protect your data at every stage of its lifecycle.

• At restAll sensitive documents and proprietary files are stored using AES-256 encryption - the same standard used by global financial institutions - managed by our infrastructure providers.
• In transitData moving between your device and our servers is protected by TLS 1.3, preventing man-in-the-middle attacks and unauthorized interception.
• Database securityRow-Level Security (RLS) ensures that users only interact with data they are explicitly authorized to see.

We employ a "siloed architecture" to prevent data leakage.

• Logical partitioning. Your data is strictly isolated from other organizations. The platform uses unique authenticated session tokens to ensure organizational boundaries are impenetrable.
• Access control. We follow the principle of least privilege. Advancii staff have no proactive access to your raw data; administrative access is strictly logged and restricted to troubleshooting.

Advancii minimizes your risk by never touching your sensitive financial data.

• Zero-footprint paymentsWe do not store, process, or transmit credit card numbers or bank details on our servers.
• PCI-DSS providersAll transactions are handled by industry-leading, PCI-compliant payment gateways - isolated from our primary data environment.

• Secure sessions. HTTP-only and SameSite cookies make it significantly harder for malicious scripts to steal sessions or launch CSRF attacks.
• Memory-resident data. We use SWR (stale-while-revalidate) for fetching, prioritizing performance while keeping sensitive data primarily in transient memory rather than permanently cached.
• Identity management. Secure, encrypted authentication flows ensure only verified users can enter your workspace.

You are the gatekeeper of your data.

• Explicit authorization. Integrations with partners (e.g., IP insurance or financing) are never automatic. Data is only shared when you trigger a specific workflow.
• Revocable access. You can revoke third-party permissions at any time through your dashboard. Once revoked, the digital handshake is severed immediately.

• Infrastructure reliability. Hosted on top-tier cloud providers offering 99.9% uptime and physical security at their data centers.
• Compliance alignment. Our protocols are designed to meet the rigorous standards of UK and EU GDPR. We treat data privacy as a foundational feature, not a legal hurdle.
• Regular audits. We periodically review codebase and infrastructure to patch vulnerabilities and stay ahead of emerging threats.

If you believe you have discovered a vulnerability or have specific questions about our encryption standards, please contact our security lead.