Security and data confidence

Finance data needs traceability, access control, and honest AI boundaries.

Larch is built around firm-scoped data isolation, Canadian-region hosting, audit logging, and human-reviewed output.

Discuss SecurityPrivacy

Data posture

Finance workspace controls

DatabaseSupabase Postgres
Regionca-central-1
IsolationFirm-scoped at database layer
AuditActor, timestamp, before and after
AIDrafting only, human-reviewed

Firm-scoped data isolation

Firm-scoped data isolation is enforced at the database layer.

Canadian region

Financial data is hosted on Supabase Postgres in ca-central-1.

Audit trail

Every edit captures actor, timestamp, before state, and after state.

Human review

AI can draft, but reviewed humans approve before publish.

CONTROL MODEL

The trust story is practical, not theatrical.

This page avoids vague phrases like bank-grade or autonomous finance. The confidence story is specific: where data sits, who can access it, what gets logged, and where humans stay in the loop.

Firm-scoped data isolation

Firm-scoped data isolation is enforced at the database layer.

Canadian region

Financial data is hosted on Supabase Postgres in ca-central-1.

Audit trail

Every edit captures actor, timestamp, before state, and after state.

Human review

AI can draft, but reviewed humans approve before publish.

AUDIT TRAIL

Every meaningful change leaves a trail.

Working Brief edits, KPI observations, forecast locks, report state changes, and decisions belong in a system that can be reconstructed later.

audit_log sample

April 2026

10:47:23MS

edited Working Brief

Health snapshot section

10:42:11JL

added KPI observation

Gross margin note

10:38:54MS

locked Forecast v4

Assumption set preserved

10:32:08JL

logged Decision DEC-042

Linked to action ACT-019

ACCESS

Different stakeholders should not get the same door.

Owners, controllers, advisory teams, lenders, and boards need different access. The model should match the work, not flatten everything into one account type.

StakeholderAccessMechanism
firm teamFull engagement workspaceInternal delivery
Client ownerReviewed outputs and decisionsEngagement access
ControllerKPIs, actions, reportsOperational access
Lender or boardSpecific deliverablesExpiring magic link

AI boundaries

AI supports drafting. It does not approve finance work.

AI is used for Working Brief skeletons and Pack section drafts. Every output is human-reviewed before publish.

Can draft first-pass narrative
Can structure Pack sections
Cannot make autonomous financial decisions
Cannot publish deliverables

Security conversation

Bring your controller, lender, board, or IT advisor.

We will walk through access, audit logging, data residency, and the roadmap honestly.

Book a Walkthrough