Security & Trust

Your books, protected further than an accountant's inbox ever could.

SelfSIA connects to your bank through licensed Open Banking rails and lets AI do the bookkeeping - without a single spreadsheet, PDF, or password ever changing hands. Here's exactly how we keep it that way.

AES-256
Encryption at rest
TLS 1.3
Encryption in transit
PSD2
Licensed Open Banking access
EU
Data residency & GDPR

The old way vs. SelfSIA

You've been trusting your finances to email attachments. That's the real risk.

Most businesses "secure" their accounting by forwarding bank statements over email or WhatsApp to a bookkeeper who stores them on a personal laptop. Compare that workflow to what happens inside SelfSIA.

Classic bookkeeping

The inbox method

What most small businesses still do today

  • × Bank statements as PDFs - sent unencrypted over email or messaging apps, sitting in inboxes indefinitely.
  • × Passwords shared by text - banking credentials handed over so the accountant can "just check something."
  • × No access log - no record of who opened, forwarded, or copied your financial data.
  • × Single point of failure - one laptop, one inbox, one person holding years of financial history.
SelfSIA

The automated method

What happens the moment you connect your bank

  • Read-only Open Banking access - data flows through a PSD2-regulated provider, never as a forwarded file.
  • Your banking password never reaches us - authentication happens directly with your bank, not with SelfSIA.
  • Every action is logged - uploads, edits, and AI-generated entries are timestamped and attributable.
  • Redundant, encrypted infrastructure - no single laptop or inbox can ever be your point of failure.

Architecture

Five layers stand between your ledger and anyone who shouldn't see it

We follow a defense-in-depth model: no single control is asked to do all the work. Data is wrapped in independent layers, from the network down to the individual ledger entry.

Network Application Identity Encryption Data
01

Network & infrastructure

Firewalled, segmented cloud infrastructure hosted in EU data centers, with continuous monitoring and automated intrusion detection watching every edge of the perimeter.

02

Application security

Every release goes through static analysis and dependency scanning before it ships. Regular penetration testing probes the platform the same way an attacker would.

03

Identity & access management

Authentication, role-based permissions, and isolated workspaces mean your accountant, bookkeeper, or co-founder only ever sees what they're meant to.

04

Encryption

TLS 1.3 protects data in motion; AES-256 protects it at rest. Encryption keys are managed and rotated independently of the data they protect.

05

Data & compliance governance

At the core: your ledger. Access is least-privilege, every touch is logged, and retention follows GDPR and applicable Latvian/EU accounting-record requirements.

Controls

What's actually protecting your data, in plain terms

No jargon without a definition. Here's what each control means for your business day to day.

Encryption everywhere

Data is encrypted in transit with TLS 1.3 and at rest with AES-256 - the same standard used across the banking sector.

AES-256 / TLS 1.3

Licensed Open Banking access

Bank connections run through PSD2-regulated aggregators. We request read-only permissions - never your online banking password.

PSD2 / AISP

Granular access & 2FA

Role-based permissions and mandatory two-factor authentication mean access is scoped to exactly what each person needs.

RBAC / MFA

Full audit trail

Every upload, edit, and AI-generated entry is timestamped and attributed - a tamper-evident record you can hand to any auditor.

Immutable logs

EU data residency

Data is hosted within the EU and processed under GDPR. It is never sold, and never shared with third parties for marketing purposes.

GDPR

Redundant backups

Automated, encrypted backups run across multiple availability zones, with disaster-recovery procedures tested on a regular schedule.

Multi-zone

Least-privilege internal access

SelfSIA staff cannot browse customer data by default. Production access is granted only when required, and every instance is logged.

Zero standing access

Continuous monitoring

Automated threat detection and vulnerability scanning run around the clock, flagging anomalies before they become incidents.

24/7 monitoring

Vulnerability disclosure

Security researchers can report issues directly to our team. Every report is triaged and acknowledged within two business days.

Data lifecycle

What happens from the moment you connect your bank

01

Connect

You authenticate directly with your bank through its own secure login. SelfSIA receives a read-only access token - never your credentials.

02

Encrypt

Transactions are encrypted in transit (TLS 1.3) the moment they leave your bank, before they ever touch SelfSIA's servers.

03

Process

Our AI categorizes and reconciles entries inside an isolated processing environment scoped to your workspace alone.

04

Store

Results are encrypted at rest (AES-256) and stored in EU data centers, backed up across multiple availability zones.

05

Retain / delete

Data is kept only as long as legally required for accounting records, or deleted on request in line with your GDPR rights.

Connected through licensed, regulated banking infrastructure

Open Banking (PSD2 / AISP) Regulated payment institutions EU-supervised aggregators Bank-grade authentication

Where we stand

Built on the controls certifications require - with formal audits underway

We'd rather show you the real state of things than round up. Here's what's live today and what's on our compliance roadmap as we scale.

Our approach to compliance

SelfSIA is built from day one on the technical controls that frameworks like SOC 2 and ISO 27001 require - encryption, access management, logging, and incident response - rather than bolting them on afterward.

As we scale, we're formalizing these controls into independently audited certifications. If you need documentation for your own compliance process today, our security team can share our current control set directly.

GDPR-aligned data handling Live
PSD2-licensed Open Banking access Live
AES-256 / TLS 1.3 encryption Live
Role-based access & 2FA Live

Security questions, answered directly

Do you ever see or store my online banking password?
No. SelfSIA connects through licensed Open Banking providers regulated under PSD2. You authenticate directly with your bank's own login screen; we only ever receive a scoped, revocable access token - never your credentials.
Is my financial data sold or shared with third parties?
Never. Your financial data is used exclusively to provide the SelfSIA service to you. It is not sold, rented, or shared with advertisers or data brokers. Third-party processors (such as cloud infrastructure providers) are contractually bound under GDPR data processing agreements.
Where is my data actually stored?
All customer data is stored in EU-based data centers. We do not transfer data outside the European Economic Area without appropriate safeguards in place.
What happens to my data if I close my account?
You can request deletion of your data at any time. We retain accounting records only for the legally required period under applicable Latvian and EU regulations, after which data is permanently deleted. You can initiate this process from your account settings or by contacting our support team.

Have a security or compliance question we haven't answered?

Our team can walk you or your auditor through our full control set, data flow diagrams, and current roadmap.