Encryption
Data is encrypted in transit (TLS) and at rest. Documents exchanged through Vincu Vault never travel over email. [[PLACEHOLDER: confirm at-rest encryption specifics — algorithm/key management — with engineering before publishing.]]
Security & compliance
The boring parts, done properly.
Banks don't buy promises. Here is how Vincu actually handles your data, your access model and your auditors.
Access control
Role-based access control throughout: staff see the cases, documents and actions their role allows, and nothing else. Sessions expire on a hard limit; sensitive actions are re-verified.
Auditability
Every decision, document movement, status change and message is written to an immutable audit log with actor, timestamp and context. Security events are logged with IP-protecting hashing.
Data residency & hosting
[[PLACEHOLDER: hosting posture — region(s), provider, single-tenant/multi-tenant options, on-prem availability. Confirm with engineering; banks will ask first.]]
Regulatory alignment
Built for EU-regulated banking workloads: GDPR-aligned data handling, consent-tracked credit-registry queries and explainable, logged credit decisions. [[PLACEHOLDER: legal review of this paragraph before publishing.]]
Certifications
[[PLACEHOLDER: list only certifications actually held (e.g. ISO 27001, SOC 2). Per the brief: never claim a certification that isn't held. If none yet, state the roadmap honestly or omit this section.]]
AI, governed
A note on AI in credit decisions
Vincu Decision assists; it doesn't decide alone. Every AI-assisted analysis is presented with its reasoning, reviewed by your staff, and logged — designed so you can explain any decision to a customer, a regulator or an auditor.
Have your security team grill ours.
Bring your questionnaire. We'll answer it line by line.