Equiforte
Request a Demo

Data Protection

Your fund data deserves the highest standard of care — from ingestion to deletion.

Encryption at Every Layer

Comprehensive encryption ensures your data is protected whether it is moving between systems or stored on disk.

Data in Transit

Every connection to and within the Equiforte platform uses modern encryption protocols with no fallback to legacy standards.

  • TLS 1.3 enforced for all external connections
  • Perfect forward secrecy (PFS) enabled on all endpoints
  • Certificate pinning for mobile and API clients
  • Internal service-to-service mTLS encryption
  • HSTS headers with minimum 1-year max-age

Data at Rest

All stored data — databases, file storage, backups, and logs — is encrypted using AES-256 with centralized key management.

  • AES-256 encryption on all databases and storage volumes
  • Customer-managed encryption keys (BYOK) available
  • Encrypted backups with separate key hierarchies
  • Automatic key rotation on 90-day cycles
  • Hardware Security Modules (HSMs) for key storage

Regulatory Compliance & Data Residency

Equiforte is designed to meet the data protection requirements of firms operating across multiple jurisdictions.

GDPR compliance is built into the platform at every level. We process personal data only as necessary for service delivery (Art. 6(1)(b)) or with explicit consent (Art. 6(1)(a)). Data subjects can exercise their rights to access, rectification, erasure, and portability through documented processes with defined SLAs.

CCPA compliance ensures California residents have full visibility into how their personal information is collected, used, and shared. We do not sell personal information and honor all opt-out requests within the statutory timeframe.

Data residency options allow firms to specify where their data is stored and processed. Available regions include:

  • United States — AWS us-east-1 (Virginia), us-west-2 (Oregon)
  • European Union — AWS eu-central-1 (Frankfurt), eu-west-1 (Ireland)
  • Asia-Pacific — AWS ap-southeast-1 (Singapore)

For firms requiring strict data sovereignty, our single-tenant and on-premise deployment options ensure data never leaves your designated jurisdiction.

Data Lifecycle Management

Clear policies govern how data moves through our systems from ingestion to secure deletion.

Ingestion & Classification

Data is classified at ingestion based on sensitivity level. Fund financial data, investor PII, and proprietary analytics each receive appropriate handling controls and access restrictions.

Processing & Retention

Data is processed only for its stated purpose. Retention periods are configurable per client and default to the minimum required for regulatory compliance. Automated policies enforce retention limits.

Deletion & Disposal

When data reaches end-of-life or a client terminates service, cryptographic deletion ensures data is irrecoverable. Deletion certificates are provided upon request, and backup purges complete within 30 days.

Need a Data Processing Agreement?

Our legal team can provide a DPA, sub-processor list, and data flow documentation for your compliance review.

Contact Our Privacy Team