Security
Built security-first to protect your financial data. Every layer of Concourse is designed with enterprise security, compliance, and transparency at its core
Security-first foundation
Trusted by finance teams with their most sensitive data
From encryption to access controls to continuous monitoring, security is embedded in everything we build
SOC 2 Type II Compliant
Independently audited and certified
Fully Encrypted
AES-256 Encryption by default
99.9% uptime
Enterprise-grade infrastructure
Zero AI Training
Your data never trains our models
Multi-layered protection
Security across every dimension
From data encryption to AI transparency to infrastructure hardening, Concourse implements defense-in-depth principles to protect your financial operations
Encryption everywhere
AES-256 encryption for data at rest and TLS 1.3 for data in transit. Your financial data is encrypted in our databases, during processing, and across all network connections
AI transparency and traceability
Every AI-generated analysis includes complete provenance with the exact queries executed, data sources accessed, and reasoning steps taken. Full visibility into what the AI did and why
Compliance and certifications
SOC 2 Type II certified with regular third-party security audits and penetration testing.
Granular access controls
SSO via SAML, MFA enforcement, and principle of least privilege access for all users
Infrastructure security
Continuous monitoring with automated threat detection, DDoS protection, and 24/7 security operations. Infrastructure-as-code with peer review for all production changes
Secure credential management
Database credentials and API keys are stored in encrypted vaults with regular rotation. Concourse never stores your credentials in plain text or system logs
FAQs
How does Concourse access and handle my financial data?
Concourse connects directly to your data sources (ERP, data warehouse, etc.) using encrypted connections. We query data on-demand and process it in isolated, secure environments.
Where does Concourse store my data?
Your source data remains in your systems. Any stored or cached data is stored in encrypted databases with configurable retention periods.
What encryption standards does Concourse use?
All data at rest is encrypted using AES-256 encryption. Data in transit uses TLS 1.3 with perfect forward secrecy. Database credentials are stored in encrypted vaults (AWS Secrets Manager or equivalent) with regular rotation. Encryption keys are managed separately from encrypted data.
How do you ensure AI agents don't expose sensitive data?
All queries and data access are logged with full audit trails. AI responses are filtered to respect row-level and column-level security policies defined in your data sources.
Is my financial data used to train AI models?
No. Your data is never used to train foundation models or shared with model providers for training purposes. We use enterprise API agreements that explicitly prohibit training on customer data. All AI processing happens in isolated environments with strict data handling controls.
How does Concourse handle prompt injection and AI security risks?
We implement multiple safeguards: input validation and sanitization, context isolation between users, query result verification against source systems, and monitoring for unusual AI behavior patterns. All AI-generated queries are validated before execution to prevent unauthorized data access. See more information about our security practices.
What authentication methods are supported?
Concourse supports Single Sign-On (SSO) via SAML 2.0 and OpenID Connect and multi-factor authentication (MFA). We also support just-in-time (JIT) provisioning and directory sync via SCIM for automated user management.
How does Concourse control access to production systems internally?
All Concourse engineers use MFA for production access. Access is granted via time-limited, purpose-specific permissions using infrastructure-as-code. All production changes require peer review, and access grants are logged and audited. We enforce separation of duties for critical operations.
What compliance certifications does Concourse maintain?
Concourse is SOC 2 Type II certified. We undergo annual third-party security audits, regular penetration testing, and continuous vulnerability assessments. Audit reports are available to enterprise customers under NDA.
What audit logging capabilities are available in Concourse?
Comprehensive audit logs capture all user actions, AI queries executed, data sources accessed, permission changes, and system events. Logs include timestamps, user identity, IP addresses, and full query details. Logs are immutable and available for export on request.
How does Concourse monitor for security threats?
We employ 24/7 security operations with automated threat detection, intrusion detection systems (IDS), DDoS protection, and real-time anomaly detection. Our infrastructure includes web application firewalls (WAF), rate limiting, and continuous vulnerability scanning across all production systems.
What happens if there's a security incident?
We follow a documented incident response plan with defined escalation procedures. Response includes immediate containment, forensic investigation, remediation, and root cause analysis. Affected customers are notified promptly with transparent communication about impact, actions taken, and prevention measures implemented.
What cloud infrastructure does Concourse run on?
Concourse runs on enterprise-grade cloud infrastructure (AWS) with redundancy across multiple availability zones. We use managed services with automatic failover, regular backups, and disaster recovery procedures. Infrastructure is defined as code with version control and automated security compliance checks.
Finance teams move faster with Concourse
Make better decisions today
Connect your data to use Concourse AI agents