Security & trust

Built for the standards your clients demand.

niska. is built for firms that answer to regulators, auditors, and the families who trust them. Security, isolation, and explainability are the foundation — not a feature list.

Our commitments

Three promises every pillar is built on.

01

Multi-tenant by design.

Storage, metadata, review queues, and AI knowledge bases are isolated by client at every layer. No cross-client leakage, ever — and nothing about your firm is ever shared across tenants.

02

Citations on every output.

Every AI answer carries a source link back to the underlying document. If we can't cite it, we don't say it. Reviewers can verify any claim in a click.

03

Augments, never replaces.

Your general ledger, tax software, portfolio systems, and DMS stay your systems of record. niska. reads and proposes; your team approves and posts.

Certifications & controls

Controls designed for firms under the microscope.

01

SOC 2 Type II

in progress · In progress. Report available under NDA on request.

02

AES-256 encryption

All firm data encrypted at rest with AES-256 and in transit with TLS 1.3.

03

TLS 1.3 in transit

Modern ciphers only. HSTS enforced across all customer-facing endpoints.

04

Role-based access

Granular roles per firm, per engagement, per document class. Least privilege by default.

05

SSO / SAML

Sign in with your existing identity provider. SCIM provisioning on request.

06

Audit logging

Immutable logs of every read, write, and AI action. Exportable to your SIEM.

07

Data residency

Per-region hosting options. Your data stays where your regulators expect it.

08

No training on firm data

Your documents and client data are never used to train foundation models. Full stop.

Forward-looking items are labeled. Full control matrix available on request under NDA.

Data handling

Short list. Plain terms.

What we store

  • Firm documents ingested into your tenant
  • Metadata, classifications, and review state
  • Audit logs of every read, write, and AI action
  • Per-user workflow preferences
  • Derived embeddings scoped to your tenant only

What we never do

  • Train foundation models on your firm data
  • Share or commingle data across tenants
  • Sell or broker client information to third parties
  • Post to systems of record without a human reviewer
  • Retain data beyond the terms of your contract

Responsible disclosure

Found something? We work with researchers in good faith. Report security issues to security@niska.ai and we will acknowledge within one business day.

See what your firm could be.

Request access