Security

Security Overview

Last updated: April 6, 2026

Prefiler handles sensitive financial data for accounting professionals. Our security architecture is designed around a principle of minimal data exposure: process what's needed, store only derived outputs, and enforce strict isolation at every layer.

1. Ephemeral Document Processing

This is the foundation of our security model. Uploaded financial documents (bank statements, PDFs, CSVs) are processed entirely in memory. The processing pipeline extracts structured data using coordinate-based parsing, runs it through the deterministic scoring engine, and discards the original document immediately.

No raw financial document reaches long-term storage. If our database were compromised, an attacker would find analysis metadata, risk scores, and confidence metrics — not your clients' bank statements.

2. Encryption

In transit: All communication between client applications and our infrastructure uses TLS 1.2+. This applies to API calls, file uploads, authentication, and all data retrieval.

At rest: All stored data — analysis reports, account information, client records, and metadata — is encrypted at rest using AES-256 equivalent encryption within our hosting infrastructure.

3. Row-Level Data Isolation

Data access is enforced at the database level through row-level security (RLS) policies on every table. These are not application-level checks that could be bypassed — they are PostgreSQL policies evaluated on every query.

  • Individual users can only access their own analyses, clients, and billing records.
  • Firm members can access firm-scoped data, subject to their role permissions.
  • Anonymous users are blocked from all authenticated tables.
  • Service-level operations (credit management, team administration) use security-definer functions that bypass RLS only for specific, audited operations.

4. Role-Based Access Control

Firm accounts enforce three-tier RBAC:

  • Partner: Full administrative access — billing, team management, all firm analyses, custom role definitions.
  • Senior CA: Analysis creation, review, and export. No billing or team management.
  • Junior: Analysis creation and review of own work only.

Roles are stored in a dedicated user_roles table — never on the profile record. Role checks use security-definer database functions to prevent recursive RLS issues and privilege escalation.

5. PII Masking

Personal identifiers (PAN, Aadhaar, account numbers, names) detected during document parsing are masked in all internal logs. The AI narrative layer is architecturally prevented from echoing specific personal identifiers — it uses neutral references ("the entity", "the account holder") by design.

6. Audit Logging

Prefiler maintains structured audit trails for:

  • Analysis creation, completion, and archival
  • Credit consumption, purchase, and refund events
  • Team membership changes (invitations, role changes, removals)
  • Data export events
  • Authentication events

Audit logs include timestamps, user attribution, IP address (where available), and methodology version identifiers.

7. Deterministic Reproducibility

The deterministic nature of our risk engine provides an additional security property: every analysis is independently verifiable. The same input data, processed against the same scoring engine version, will always produce the same risk scores, flags, and confidence metrics.

This makes analysis outputs auditable, comparable, and defensible — not just for security, but for regulatory compliance.

8. Payment Security

All payments are processed through Razorpay, a PCI-DSS compliant payment gateway. Prefiler never receives, stores, or processes payment card details. We store only transaction references and billing metadata.

9. Vendor Abstraction

Our architecture is designed for vendor neutrality. The LLM provider, hosting infrastructure, and payment gateway can be switched without affecting the deterministic scoring engine, data model, or security boundaries. This eliminates single-vendor dependency risk.

10. Infrastructure

Backend infrastructure is hosted on managed cloud platforms with enterprise-grade security controls, automated patching, and geographic redundancy. We do not claim SOC 2 or ISO 27001 certification at this time. Our practices are designed to align with these standards, and we are committed to pursuing formal certification as the platform matures.

11. Vulnerability Reporting

If you discover a security vulnerability, please report it responsibly to security@prefiler.com. We take all reports seriously and aim to acknowledge within 24 hours.