Infrastructure

Security & Compliance

Security and compliance controls for Telumin — encryption in transit and at rest, data residency, access management, and a full evidence audit trail. Telumin holds no broker credentials — there are none to secure.

Overview

Telumin holds no broker credentials — there are none to secure. If you import your portfolio, Telumin holds your ticker symbols, quantities, written theses, and cashflows you entered. Everything is designed around minimising what that is. Evidence is namespaced per user, encrypted at rest, and deleted for real in one click.

Compliance & Certifications

SOC 2 Type II

Annual audits verify our security controls meet AICPA standards for security, availability, and confidentiality.

GDPR Compliant

Full compliance with EU data protection requirements, including data subject rights and processing agreements.

CCPA Compliant

California Consumer Privacy Act compliance for US-based customers and data subjects.

ISO 27001 Aligned

Information security management system aligned with international standards.

Security Architecture

  • End-to-end encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • SSO/SAML support: Integration with Okta, Azure AD, Google Workspace, and any SAML 2.0 / OIDC provider
  • Data residency: Choose where your data lives — US, EU, or APAC regions
  • Full evidence audit trail: Document → signal → diary → alert, exportable to your SIEM
  • Role-based access: Granular permissions for analysts, PMs, and read-only auditors
  • Penetration testing: Regular third-party security assessments and vulnerability scanning

Additional security options

Dedicated workersIsolated Temporal namespace and worker pool
Custom key managementBring your own encryption keys (BYOK)
Custom data retentionConfigurable retention per artefact type
IP allowlistingRestrict access to approved IP ranges