Security & Compliance
Security and compliance controls for Telumin — encryption in transit and at rest, data residency, access management, and a full evidence audit trail. Telumin holds no broker credentials — there are none to secure.
Overview
Telumin holds no broker credentials — there are none to secure. If you import your portfolio, Telumin holds your ticker symbols, quantities, written theses, and cashflows you entered. Everything is designed around minimising what that is. Evidence is namespaced per user, encrypted at rest, and deleted for real in one click.
Compliance & Certifications
SOC 2 Type II
Annual audits verify our security controls meet AICPA standards for security, availability, and confidentiality.
GDPR Compliant
Full compliance with EU data protection requirements, including data subject rights and processing agreements.
CCPA Compliant
California Consumer Privacy Act compliance for US-based customers and data subjects.
ISO 27001 Aligned
Information security management system aligned with international standards.
Security Architecture
- End-to-end encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- SSO/SAML support: Integration with Okta, Azure AD, Google Workspace, and any SAML 2.0 / OIDC provider
- Data residency: Choose where your data lives — US, EU, or APAC regions
- Full evidence audit trail: Document → signal → diary → alert, exportable to your SIEM
- Role-based access: Granular permissions for analysts, PMs, and read-only auditors
- Penetration testing: Regular third-party security assessments and vulnerability scanning
