Security & Compliance

Built for Teams That
Manage Risk for a Living

Risk registers, loss runs, and captive financials are some of the most sensitive data an organization holds. Here is exactly how FractionalRisk.ai protects yours — in plain language, not marketing language.

Data Isolation

One Organization. One Database. Period.

Most multi-tenant SaaS keeps every customer's rows in shared tables and hopes the filters hold. We made a different architectural choice.

Isolated Database per Organization

Your data never shares a database with another customer. Each tenant runs in its own MongoDB database — not a shared table with a tenant column. Cross-tenant queries are architecturally impossible.

Context-Bound Data Routing

Every authenticated request is cryptographically bound to your organization via its JWT. The data layer resolves your isolated database per request — application code cannot accidentally reach another tenant's data.

Per-Tenant Backup & Restore

Because each organization has its own database, backups, restores, and data exports are scoped to you alone — no commingled snapshots.

Access Security

Six Layers Between an Attacker and Your Account

Authentication hardening that's actually implemented and continuously tested — not a roadmap slide.

Brute-Force Lockout

5 failed attempts trigger a 15-minute lock, keyed per IP + account, with full audit trail.

Immediate Session Revocation

Logout, password changes, role changes, and deactivation invalidate every active session instantly — not at token expiry.

Stolen-Token Defense

Tokens are bound to the device context they were issued on. A token replayed from a different environment is rejected.

Short-Lived Credentials

30-minute access tokens with secure refresh rotation. Single-use, hashed password-reset tokens that expire in 60 minutes.

Role-Based Access Control

Five permission tiers from viewer to admin, enforced server-side on every endpoint — plus platform/tenant role separation.

Complete Audit Logging

Logins, failures, resets, role changes, impersonation, and data-rights events are written to an immutable audit log.

Enterprise SSO

Sign In With the Identity Provider You Already Trust

SAML 2.0 single sign-on connects FractionalRisk to Okta, Microsoft Entra ID (Azure AD), or any SAML-compliant identity provider — so your existing MFA, password policies, and offboarding workflows govern access to your risk data.

  • SP-initiated login — your team clicks one button and authenticates at your IdP
  • Just-in-time provisioning with a least-privilege default role you control
  • Email-domain allow-listing scopes SSO strictly to your organization
  • Disable a user at your IdP and their access ends with it
  • Every SSO sign-in, provisioning event, and failure is audit-logged

Onboarding takes one exchange

  1. 1

    We send our SP metadata

    A single URL your IdP admin imports — entity ID, callback endpoint, and certificate requirements, pre-filled.

  2. 2

    You send your IdP details

    Your identity provider's SSO URL, entity ID, and signing certificate — straight from the Okta or Entra admin console.

  3. 3

    Your team signs in

    The SSO button on our login page recognizes your email domain and routes everyone through your identity provider.

Your Data Rights

Leave Anytime. Take Everything. Delete It All.

GDPR-style data rights are built into the product, not handled by a support ticket queue.

Right to Data Portability

Tenant administrators can export their organization's complete dataset on demand — a portable copy of every collection in their isolated database.

Right to be Forgotten

A one-action, organization-scoped purge permanently deletes a tenant's database. Strictly limited to authorized administrators of that tenant.

Honest Answers to Security Questionnaires

"Where is my data?" has a one-line answer: in a dedicated database provisioned for your organization, accessible only through your organization's authenticated sessions.

For Your Security Questionnaire

The Questions CFOs and Boards Ask

Where does our data live?

In a dedicated MongoDB database provisioned exclusively for your organization.

Can another customer ever see our data?

No. Isolation is enforced at the database layer and verified by an automated cross-tenant test suite on every release.

What happens when an employee leaves?

Deactivating their account revokes every active session immediately, across all devices.

Can we get our data out?

Yes — full tenant export on demand, plus board reports in Word and PDF formats you already use.

Can you delete everything?

Yes — a tenant-scoped purge permanently removes your organization's database on request.

Is traffic encrypted?

All traffic is encrypted in transit over TLS (HTTPS), with HSTS and hardened security headers.

Can our team use our existing identity provider?

Yes — SAML 2.0 SSO with Okta, Microsoft Entra ID (Azure AD), or any SAML-compliant IdP, including just-in-time provisioning.

Framework-aligned with ISO 31000 and COSO ERM. SAML 2.0 single sign-on is included on enterprise plans; OIDC available on request.

Bring Your Hardest Security Questions

We'll walk your team through the architecture live — isolation, auth, and data rights included.