Security

Security by architecture.

The platform doesn't bolt security on after the fact. Cryptographic integrity, tenant isolation, and tamper detection are foundational properties of the protocol engine — not features added to a conventional application.

Tamper-Evident by Construction

Every protocol action is SHA-256 hashed with the previous action's hash. Modifying any historical event invalidates every subsequent hash in the chain — making tampering mathematically detectable, not just policy-prohibited.

Multi-Tenant Isolation

Protocol state, document storage, API keys, and user sessions are scoped to tenant ID at every layer. There is no shared state between institutions. Cross-tenant access is architecturally impossible, not just access-controlled.

Encryption at Rest and in Transit

All data is encrypted at rest with AES-256 via AWS-managed keys. All communication is encrypted in transit with TLS 1.2+. Documents are stored in S3 with server-side encryption. Protocol state is stored in DynamoDB with encryption enabled.

Least Privilege by Default

Four roles (admin, location admin, reviewer, operator), each with granular permission groups. Actions are permission-gated at the protocol level, not just the UI level: the protocol rejects unauthorized actions before they enter the chain.

Cryptographic Integrity

The hash chain is the security model.

Traditional audit logs are append-only by convention. The AVMS.AI protocol chain is append-only by cryptographic construction. Each action's hash incorporates the previous action's hash, creating a Merkle-like structure where any modification — insertion, deletion, or alteration of any historical event — invalidates every hash that follows.

Chain integrity verification runs across all protocol domains (sessions, policies, vendor management, QC, actors, tenant configuration, batch, SSO, exports) and reports per-domain status. A broken chain is immediately visible in the protocol log dashboard.

Individual actions can be exported as self-contained JSON proofs that an examiner or auditor can verify independently without platform access.

Hash Algorithm
SHA-256 (FIPS 180-4 compliant)
Applied to every protocol action payload
Chained: hash(payload + previousHash) → actionHash

Chain Properties
Append-only: no action can be modified after dispatch
Sequenced: monotonic sequence numbers per domain
Attributable: actor ID on every action
Timestamped: ISO 8601 on every action

Verification
Cross-domain chain integrity verification
Per-action proof export (self-contained JSON)
Visual chain status in protocol log dashboard
Broken chain detection with exact breakpoint
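
The chain construction, per-domain verification with an exact breakpoint, and self-contained proof export described above, as an added illustration in Python. This is not AVMS.AI's code: the concatenation order hash(payload + previousHash) follows the page, but the genesis sentinel, the canonical JSON encoding, the field names, and the sample actions are assumptions constructed for the example.

```python
import hashlib
import json

# Added illustration, not AVMS.AI's code: a per-domain SHA-256 hash chain with
# cross-domain verification that reports the first broken sequence number, and a
# self-contained JSON proof per action. The genesis sentinel, canonical encoding
# and field names are assumptions; only hash(payload + previousHash) is from the page.

GENESIS_HASH = "0" * 64  # assumed sentinel standing in for "no previous action"


def canonical(payload: dict) -> str:
    """Deterministic JSON so the same payload always hashes the same way."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":"))


def action_hash(payload: dict, previous_hash: str) -> str:
    """hash(payload + previousHash) -> actionHash."""
    return hashlib.sha256((canonical(payload) + previous_hash).encode()).hexdigest()


class ProtocolChain:
    def __init__(self):
        self.domains = {}  # domain name -> ordered list of actions

    def dispatch(self, domain, actor_id, action_type, data, timestamp):
        """Append an action; its hash binds it to everything before it in the domain."""
        chain = self.domains.setdefault(domain, [])
        previous_hash = chain[-1]["actionHash"] if chain else GENESIS_HASH
        payload = {
            "domain": domain,
            "sequence": len(chain) + 1,  # monotonic per domain
            "actorId": actor_id,         # attributable
            "timestamp": timestamp,      # ISO 8601, supplied by the caller
            "type": action_type,
            "data": data,
        }
        action = {
            "payload": payload,
            "previousHash": previous_hash,
            "actionHash": action_hash(payload, previous_hash),
        }
        chain.append(action)
        return action

    def verify(self):
        """Per-domain status: ("ok", None) or ("broken", first_bad_sequence)."""
        report = {}
        for domain, chain in self.domains.items():
            expected_previous = GENESIS_HASH
            status = ("ok", None)
            for index, action in enumerate(chain, start=1):
                payload = action["payload"]
                if (payload["sequence"] != index                        # deletion or reorder
                        or action["previousHash"] != expected_previous  # insertion or splice
                        or action_hash(payload, expected_previous) != action["actionHash"]):  # alteration
                    status = ("broken", index)
                    break
                expected_previous = action["actionHash"]
            report[domain] = status
        return report

    def export_proof(self, domain, sequence):
        """Everything an auditor needs to recompute one action's hash offline."""
        action = self.domains[domain][sequence - 1]
        return json.dumps({"algorithm": "SHA-256", **action}, sort_keys=True)


def verify_proof(proof_json: str) -> bool:
    """Recompute the hash from the proof alone; no platform access needed."""
    proof = json.loads(proof_json)
    return action_hash(proof["payload"], proof["previousHash"]) == proof["actionHash"]


def demo():
    """Constructed sample actions; then alter one historical record and re-verify."""
    chain = ProtocolChain()
    chain.dispatch("sessions", "user-17", "SESSION_OPENED",
                   {"loanId": "L-0001"}, "2024-05-01T10:00:00Z")
    chain.dispatch("sessions", "user-17", "AVM_ATTACHED",
                   {"documentId": "doc-42"}, "2024-05-01T10:02:00Z")
    chain.dispatch("policies", "admin-1", "POLICY_UPDATED",
                   {"maxVarianceBps": 500}, "2024-05-01T11:00:00Z")
    proof = chain.export_proof("sessions", 2)  # taken while the chain is intact
    before = chain.verify()
    chain.domains["sessions"][0]["payload"]["data"]["loanId"] = "L-9999"  # alter history
    after = chain.verify()
    return before, after, verify_proof(proof)
```

The three checks in verify() map to the three tamper cases the page names: a sequence gap reveals a deleted or reordered action, a previousHash mismatch reveals an inserted one, and a recomputed hash that differs from the stored one reveals an altered payload. The proof exported before the alteration still verifies on its own, which is what makes it usable by an examiner without platform access.
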

Data at Rest
DynamoDB: AES-256 encryption (AWS-managed keys)
S3: server-side encryption (SSE-S3)
No unencrypted data stores

Data in Transit
TLS 1.2+ on all endpoints
HTTPS enforced (no HTTP fallback)
Certificate pinning on API endpoints

Data Isolation
Tenant-scoped DynamoDB partition keys
Tenant-scoped S3 key prefixes
No cross-tenant queries possible at the data layer
API keys scoped to tenant at creation

Data Retention
Active subscription: retained indefinitely
Post-cancellation: 90-day retention, then secure deletion
Documents: retained with protocol state
Protocol chain: retained as long as tenant is active

Data Protection

Your data. Your tenant. No exceptions.

All institution data — loan records, AVM documents, protocol state, compliance evidence, vendor analytics, and user accounts — is isolated to your tenant at every layer of the stack. There is no shared database, no aggregated analytics across tenants, and no data sharing of any kind.

We do not sell your data. We do not share your data. We do not use your data to train models. We do not provide your data to third parties. Your institution's compliance evidence is yours alone.

Authentication & Access Control

Enterprise identity. Enforced at every layer.

Authentication is powered by AWS Cognito with required MFA on all accounts. Enterprise SSO delegates authentication to your existing identity provider — Okta, Azure AD, PingFederate, or any SAML 2.0 provider.

Role-based access control is enforced at the protocol level, not just the UI. An operator cannot dispatch an admin-only action even if the UI were bypassed — the protocol orchestrator rejects unauthorized actions before they enter the chain.

Authentication Methods
Email/password with required TOTP MFA
Google Workspace OAuth
Microsoft 365 OAuth
Enterprise SSO: SAML 2.0 (Okta, Azure AD, PingFederate)

Access Control
Four roles: Admin, Location Admin, Reviewer, Operator
Granular permission groups per role
Additional per-user permission overrides
Location-scoped access for multi-branch operations
Protocol-level enforcement (not just UI gating)

API Security
API keys hashed at rest (raw key shown once at creation)
Scoped permissions per key (validate, batch, sessions, reports)
Per-key rate limiting
Key revocation with audit trail
Every API request attributed in the protocol chain

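
Protocol-level permission gating (the orchestrator rejecting an action before it enters the chain) together with API keys that are hashed at rest, scoped to a tenant and revocable with an audit trail, as an added illustration in Python. This is not AVMS.AI's code: the four role names are from the page, while the permission names, the action-to-permission mapping, the key prefix and the record layout are assumptions constructed for the example.

```python
import hashlib
import secrets

# Added illustration, not AVMS.AI's code. Role names come from the page; the
# permission names, action names, key prefix and record layout are assumptions.

ROLE_PERMISSIONS = {
    "admin":          {"validate", "batch", "sessions", "reports", "manage_users", "manage_keys"},
    "location_admin": {"validate", "batch", "sessions", "reports", "manage_users"},
    "reviewer":       {"validate", "sessions", "reports"},
    "operator":       {"validate", "sessions"},
}

# Assumed mapping: the permission each protocol action requires.
ACTION_PERMISSION = {
    "SESSION_OPEN": "sessions",
    "BATCH_SUBMIT": "batch",
    "USER_INVITE": "manage_users",
}


def effective_permissions(role, grant=(), revoke=()):
    """A role's permission group adjusted by per-user overrides."""
    return (set(ROLE_PERMISSIONS[role]) | set(grant)) - set(revoke)


class Principal:
    def __init__(self, principal_id, tenant_id, permissions):
        self.id = principal_id
        self.tenant_id = tenant_id
        self.permissions = set(permissions)


class Orchestrator:
    def __init__(self, tenant_id):
        self.tenant_id = tenant_id
        self.accepted = []   # stand-in for the protocol chain
        self.api_keys = {}   # sha256(raw key) -> record; the raw key is never stored
        self.key_audit = []  # creation and revocation events

    def create_api_key(self, creator, key_id, scopes):
        """Return the raw key exactly once; only its hash is retained."""
        if "manage_keys" not in creator.permissions:
            raise PermissionError("creator may not manage keys")
        raw = "avms_" + secrets.token_urlsafe(32)  # assumed prefix
        digest = hashlib.sha256(raw.encode()).hexdigest()
        self.api_keys[digest] = {
            "keyId": key_id,
            "tenantId": self.tenant_id,                   # scoped to tenant at creation
            "scopes": set(scopes) & creator.permissions,  # a key cannot exceed its creator
            "revoked": False,
        }
        self.key_audit.append(("created", key_id, creator.id))
        return raw

    def principal_from_api_key(self, raw):
        """Resolve a presented key by hashing it and looking the hash up."""
        record = self.api_keys.get(hashlib.sha256(raw.encode()).hexdigest())
        if record is None or record["revoked"]:
            return None
        return Principal("apikey:" + record["keyId"], record["tenantId"], record["scopes"])

    def revoke_api_key(self, actor, key_id):
        for record in self.api_keys.values():
            if record["keyId"] == key_id and not record["revoked"]:
                record["revoked"] = True
                self.key_audit.append(("revoked", key_id, actor.id))

    def dispatch(self, principal, action_type, data):
        """Gate on tenant and permission before anything enters the chain."""
        if principal.tenant_id != self.tenant_id:
            return ("rejected", "tenant mismatch")
        needed = ACTION_PERMISSION[action_type]
        if needed not in principal.permissions:
            return ("rejected", "missing permission " + needed)
        self.accepted.append({"actorId": principal.id, "type": action_type, "data": data})
        return ("accepted", len(self.accepted))


def demo():
    """Constructed principals exercising the gate, key storage and revocation."""
    orch = Orchestrator("tenant-a")
    admin = Principal("admin-1", "tenant-a", effective_permissions("admin"))
    operator = Principal("op-7", "tenant-a", effective_permissions("operator"))
    foreign = Principal("adm-x", "tenant-b", effective_permissions("admin"))
    r = {}
    r["operator_invite"] = orch.dispatch(operator, "USER_INVITE", {})[0]
    r["operator_session"] = orch.dispatch(operator, "SESSION_OPEN", {"loanId": "L-1"})[0]
    r["foreign_tenant"] = orch.dispatch(foreign, "SESSION_OPEN", {})[0]
    raw = orch.create_api_key(admin, "key-1", ["validate", "batch"])
    r["raw_key_in_store"] = raw in orch.api_keys
    key_principal = orch.principal_from_api_key(raw)
    r["key_batch"] = orch.dispatch(key_principal, "BATCH_SUBMIT", {"items": 3})[0]
    r["key_invite"] = orch.dispatch(key_principal, "USER_INVITE", {})[0]
    orch.revoke_api_key(admin, "key-1")
    r["revoked_resolves"] = orch.principal_from_api_key(raw) is None
    r["accepted_count"] = len(orch.accepted)
    r["audit"] = orch.key_audit
    return r
```

The point of putting the check in dispatch() rather than in a UI layer is that every caller, whether a browser session or an API key, passes through the same gate, and an operator who reaches the orchestrator directly is refused exactly as one who goes through the UI. Storing only the SHA-256 digest of a key means a read of the key table does not yield usable credentials, and the digest also serves as the lookup key when a request presents the raw value.
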
Infrastructure

Built on AWS. Managed with care.

Compute

Serverless and containerized execution. Ephemeral compute with no persistent attack surface. Horizontal autoscaling with zero standing infrastructure.

Storage

Single-table document store with partition-level tenant isolation and optimistic concurrency control. Object storage for content-addressed documents. Both encrypted at rest with AES-256.

Identity

Managed identity pools with required multi-factor authentication. Enterprise federation via SAML 2.0 with JIT provisioning and attribute-mapped role assignment.

Network

Edge-distributed content delivery with web application firewall. API gateway with per-key rate limiting and throttle enforcement. All traffic encrypted with TLS 1.2+.

Security questions? We welcome them.

If your security team needs additional detail beyond this page, contact us for a technical security review or to discuss your institution's specific requirements.