Security & data handling

Nooriel is AI-native, but the reasoning AI works on tokens, never raw identities. Personal information is replaced before any model is involved and reconstructed only at the final submission step:

1. 1Connect — We pull transactions from your existing systems — database, API, cloud storage, files, even spreadsheets. Read-only; you stay the system of record.
2. 2Secret Vault — Names, account numbers and other identifiers are replaced with per-tenant tokens and encrypted (AES-256). Raw personal information stops here.
3. 3Gatekeeper — A single, audited access point enforces purpose-bound, minimum-necessary access to the tokenized data.
4. 4AI reasoning — Detection and report drafting run on tokens only. The AI provider never receives raw personal information, and your data is never used to train models.
5. 5Submit — Only at the final step is data reverse-tokenized — inside the finished report itself, at the FINTRAC submission boundary.

Net effect: your customers' PII never reaches the AI model. Your compliance officer reviews and signs every report — the AI drafts, it never decides.

• Encrypted in transit with TLS.
• Encrypted at rest with AES-256.
• Secrets and credentials are held in a managed secret store, not in source code.

• Passwords are stored only as salted Argon2id hashes — never in plain text.
• Email verification is required to activate an account.
• Authentication endpoints are rate-limited to resist brute-force and credential-stuffing.
• Access within the platform follows least-privilege, role-based controls, with tenant isolation between organizations.

Every sensitive action is written to a hash-chained ledger — each entry is cryptographically linked to the one before it, so any insertion, deletion or edit breaks the chain and is detectable. Your compliance team and an examiner can verify the chain independently, not just take our word for it. The trail records who did what, when, and the explainable reasoning behind each AI-assisted decision — in line with OSFI E-23 model-risk and explainability expectations.

Regulated banks can run the entire data plane inside their own cloud tenant (Azure, AWS or GCP). The reasoning model runs in a no-egress subnet, encryption keys stay customer-managed (CMEK), and Nooriel operates only a thin control plane (licensing, updates, support). Your data never leaves your environment — you hold the keys and the kill switch.

Production data is hosted in Canadian data-centre regions, supporting data-residency expectations under PIPEDA and Quebec's Law 25.

• Each customer organization's data is logically isolated from others.
• Infrastructure runs on a major cloud provider with managed, regularly-patched services.

We are working toward SOC 2 Type II. Until our report is available, we provide our full control set, data-flow diagrams and security documentation to prospective customers under NDA.

The subprocessors we rely on:

• Cloud hosting — Google Cloud (Canadian region).
• AI reasoning — leading LLM providers (e.g. OpenAI, Anthropic), which receive tokenized data only, never raw PII, with no training on your data.
• Identity verification — Persona.
• Payments — Stripe (we never store card numbers).
• Transactional email — Resend.

The current subprocessor list is maintained in our Data Processing Agreement.

If you believe you've found a security issue, please email support@nooriel.com. We appreciate responsible disclosure and will work with you to confirm and address valid reports. For how this connects to data handling, see our Privacy Policy.