Field
The data we keep on clients
What we keep. Where we keep it. What we do not keep.
Minimum needed to do the work.
Contact details. The categories of structures and identities you've asked us to watch. The signals the system has surfaced for your file. The notes we've sent you. The team's internal notes about your file. That's it.
What we do not hold.
Passwords, credentials, signing keys, account numbers (we use account identifiers that aren't credentials), copies of identity documents past KYC verification. KYC is processed by an external regulated provider. We do not retain the documents.
Where it sits.
EU servers, encrypted at rest, accessible only to the team with role-based controls. Audit logs on access. We run internal access reviews quarterly. Client files are encrypted with per-client keys.