Security

How we protect data across the Fluent Terrain portfolio of platforms.

Our approach

Fluent Terrain builds platforms that handle sensitive data — financial records, tax documents, business transactions. Security is a foundational requirement built into every layer of our infrastructure, not an afterthought applied on top.

Infrastructure security

  • Encryption in transit: All communication between clients and servers uses TLS 1.2 or higher.
  • Encryption at rest: Sensitive data is encrypted at rest using AES-256.
  • Edge deployment: Applications are deployed on Cloudflare's global edge network with DDoS protection, WAF, and SSL termination.
  • Environment isolation: Production, staging, and development environments are strictly separated. No production data enters non-production systems.

Authentication and access

  • Identity provider: Authentication uses Microsoft Entra ID (Azure AD) with OIDC/JWT for enterprise-grade identity management.
  • Least-privilege access: Users, collaborators, and administrators operate under distinct permission levels. Access is granted on a need-to-know basis.
  • Session management: Sessions are time-limited. Inactive sessions are automatically terminated.

Application security

  • Input validation: All user input is validated at the API boundary using schema validation.
  • API security: Endpoints enforce authentication and authorization. Rate limiting prevents abuse.
  • Dependency auditing: Dependencies are regularly reviewed for known vulnerabilities.
  • Code review: All changes go through review before production deployment.

AI security

  • Data isolation: Data processed by AI models is isolated per account. It is never used to train general-purpose models or shared across tenants.
  • Audit trails: Every AI classification, extraction, and decision is logged with full context.
  • Human oversight: AI outputs include confidence scores and explanations for professional review and verification.

Data protection

  • Backup and recovery: Backups are taken regularly, with tested recovery procedures.
  • Data portability: Export your data at any time in standard formats.
  • Deletion: Account deletion permanently removes data within 30 days, subject to legal retention requirements.

Incident response

We maintain an incident response process for security events. In the event of a breach affecting your data, we will notify affected users and relevant authorities within timeframes required by applicable law.

Responsible disclosure

If you discover a security vulnerability in any Fluent Terrain product, please report it to [email protected]. We take all reports seriously and respond promptly.

Compliance

Our platforms are designed to support compliance with applicable data and financial regulations. Audit trails, data export, and access controls meet the requirements of professionals operating under regulatory obligations.

Contact

For security questions or to report a concern: [email protected]