Skip to main content

Security & Compliance

Enterprise-Grade
Security

Your data is your alpha. We protect it with the same rigor you would expect from a prime broker — because we have built systems for them.

SOC 2 Type II

Certified

GDPR

Ready

SEC / FINRA

Compatible

CCPA

Compliant

Security Features

Defense in Depth

Multiple layers of security controls protect your data at every stage of the pipeline — from ingestion to delivery.

Certified

SOC 2 Type II Compliant

Independently audited controls for security, availability, and confidentiality. Annual recertification with continuous monitoring between audit cycles.

AES-256 / TLS 1.3

End-to-End Encryption

AES-256 encryption at rest and TLS 1.3 in transit. Your data is encrypted at every stage — ingestion, processing, storage, and delivery. Key management via HSM.

RBAC + SSO

Role-Based Access Control

Granular RBAC with entity-level permissions. Control who sees what across funds, entities, and data domains. SSO integration and MFA enforced for all users.

Full Lineage

Complete Audit Trail

Every data access, modification, and export is logged with user, timestamp, and context. Immutable audit logs retained per your retention policy for regulatory review.

Multi-Region

Data Residency Options

Choose where your data lives. US, EU, and APAC deployment options available. Meet jurisdiction-specific data sovereignty and residency requirements.

Annual

Penetration Testing

Annual third-party penetration testing and vulnerability assessments by certified professionals. Continuous automated scanning with real-time alerting on any findings.

Compliance

Built for Regulated Industries

Alternative asset managers face unique regulatory requirements. PLEXI is architected to support SEC, FINRA, and GDPR compliance from the ground up — not as an afterthought.

  • Immutable audit logs with complete data lineage for regulatory review
  • Automated compliance reporting for SEC Form PF, CPO-PQR, and AIFMD
  • Data subject access requests (DSAR) handled through built-in governance tools
  • Configurable data retention policies per jurisdiction and entity
  • Real-time monitoring and alerting on compliance-relevant data changes

Certifications & Standards

SOC 2 Type II

Certified

Independently audited annually by a Big Four affiliate. Continuous monitoring between cycles.

GDPR

Ready

Data processing agreements, EU data residency, DSAR workflows, and right-to-erasure support.

SEC / FINRA

Compatible

Books and records retention (Rule 17a-4), complete audit trail, granular access controls.

CCPA

Compliant

California consumer privacy compliance with automated handling and disclosure capabilities.

Request Security Documentation

We share our SOC 2 report, penetration test summary, and security architecture documentation under NDA.

Request Security Docs