Security and Data Privacy
Clove Financial Ltd builds large‑language‑model tooling for finance. Safeguarding the confidentiality, integrity and availability of your data is the first product requirement we write for every feature.
Below you’ll find the details of how we protect your information today—and the steps on our public roadmap as we move from alpha into a fully audited, production‑grade platform.
Connections are created through Plaid’s OAuth/token flow. The short-lived public token is exchanged for a long-lived access token and written straight to our secrets vault, where it is encrypted at rest with AES-256 under a dedicated key in our cloud KMS.
No human operators have read access to these secrets. All data access after that occurs through Plaid’s encrypted API, so raw credentials remain with the bank.
Our Commitment at a Glance
Bank‑grade encryption
In transit (TLS 1.2+) and at rest (AES‑256) for every byte.
Tokenised connections
To banks and accounting systems—no user credentials ever touch Clove servers.
Privacy by design
Only you can view your prompts and transaction data — no one else, not even our engineering leadership, has access.
Transparent roadmap
To SOC 2 Type I (target Q4 2025) and Type II thereafter.
What Data We Collect & Why
Bank access tokens (via Plaid)
Bank access tokens (via Plaid)
Purpose: Establish secure read‑only access to accounts you authoriseRetention: Stored encrypted for the life of the connection or until you revoke access
Accounting entries & metadata
Accounting entries & metadata
Purpose: Provide contextual answers, variance analyses and reconciliationsRetention: Retained while your subscription is active; deleted within 30 days of cancellation
User prompts & responses
User prompts & responses
Purpose: Improve answer relevance, detect abuse, troubleshoot errorsRetention: Anonymised within 24 hours; aggregated metrics kept for product‑improvement
Operational logs (IP, user ID, API usage)
Operational logs (IP, user ID, API usage)
Purpose: Security monitoring, rate‑limiting, billingRetention: 90‑day rolling window unless required for legal holds
How We Protect Your Credentials (Plaid Tokenisation)
We never ask for, or store, your online banking usernames or passwords.
Data Encryption & Storage
-
In transit: All external traffic is forced over HTTPS. We allow only TLS 1.2+ with forward-secret cipher suites and add the
Strict-Transport-Securityheader so browsers automatically return over HTTPS. - At rest: Customer data lives on server-side–encrypted storage, protected with AES-256 keys managed by our cloud provider’s state of the art key-management service; backups and snapshots inherit the same encryption.
- Back‑ups: Encrypted, geo‑redundant, with automated integrity checks and a 30‑day retention.
Access Controls & Monitoring
- Least privilege & RBAC: IAM roles are scoped to the minimum set of resources and rotated quarterly.
- Multi‑factor authentication: Required for all console and GitHub access; SSO for all employees.
- Audit logging: Every action in our production environment is captured in a tamper-evident ledger. Logs are immutable, retained for 12 months, and continuously analyzed for anomalies.
Secure Development & Pen Testing
- CI/CD security gates: Every build must clear static analysis in SonarQube and automated dependency-vulnerability scanning; pipelines halt on any critical finding.
- Secrets management: Source code contains no secrets—runtime credentials are injected from our cloud secrets vault.
- External penetration tests: Conducted twice per year; summary reports available to customers under NDA starting July 2025.
Privacy by Design & De‑Identification
Before any prompt or transaction detail is used to fine‑tune models or build product analytics, we:- Strip direct identifiers (names, account numbers, email addresses).
- Hash customer IDs with salt; map to pseudonyms.
- Aggregate across at least ten (k ≥ 10) organisations.
- Apply differential‑privacy noise (ε ≤ 1) to sensitive counts so no single user or company can be reverse‑engineered.
Compliance & Roadmap
Internal security policy aligned to NIST CSF 1.1
Completed - May 2025
SOC 2 Type I audit fieldwork start
In Progress - September 2025
SOC 2 Type I attestation report published
In Progress - December 2025
SOC 2 Type II 6‑month observation window
Planned - Jan–Jun 2026
GDPR / UK‑GDPR Art. 28 data‑processing agreement rollout
Planned - Q1 2026
ISO/IEC 27001 readiness assessment
Planned - Q2 2026
Responsible AI & Model Training
Clove trains internal language models only on anonymised, aggregate telemetry or publicly available data. We do not feed raw customer statements or prompts into third‑party foundation models. All training jobs run in isolated VPCs with encrypted object storage. Our ML governance framework follows NIST AI Risk Management Framework 1.0.Incident Response & Reporting
We operate a 24×7 on‑call rotation and commit to notify affected customers within 24 hours of confirming a breach of customer data. Monthly tabletop exercises ensure readiness. Our full Incident Response Plan is available on request.Your Controls & Choices
- Granular permissions: Disable analytics, revoke bank tokens or delete data in one click (Settings → Privacy).
- Right to be forgotten: We will delete all personal data within 30 days of request or account closure.
- Audit logs export: Enterprise plans can export six months of access logs via API.
Security is never “done.” If you spot something we can improve, drop us a note—responsible researchers earn public thanks and swag.