Security is part of the foundation, not a bolt-on
Client financial data is among the most sensitive there is. Prism is built so each person sees only what they should, every meaningful action is accountable, and secrets never touch the browser.
Tenant isolation at the data layer
Prism is multi-tenant by design and isolated where it counts — in the database. Every table is governed by row-level security along the firm → advisor → client hierarchy. A client can only ever read their own household; an advisor sees only their book; a firm admin sees only their firm. These rules are enforced by the database on every query, not merely hidden in the interface — so a bug in the UI cannot expose another tenant's data.
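As an added illustration (not Prism's own schema or policies), this is how a firm → advisor → client hierarchy is typically expressed as Postgres row-level-security policies so that the database, not the UI, decides what each role can read. The tables are hypothetical and the use of Supabase's auth.uid() helper to identify the caller is an assumption.

```sql
-- Hypothetical schema: one row per user's membership in a firm.
create table memberships (
  user_id uuid not null,
  firm_id uuid not null,
  role    text not null check (role in ('client', 'advisor', 'firm_admin')),
  primary key (user_id, firm_id)
);

-- A household belongs to one firm, one advisor and one client.
create table households (
  id         uuid primary key,
  firm_id    uuid not null,
  advisor_id uuid not null,   -- auth user id of the advisor
  client_id  uuid not null    -- auth user id of the client
);

create table accounts (
  id           uuid primary key,
  household_id uuid not null references households(id),
  balance      numeric not null
);

-- Enable RLS; FORCE makes it apply even to the table owner.
alter table households enable row level security;
alter table households force  row level security;
alter table accounts   enable row level security;
alter table accounts   force  row level security;

-- Runs as the function owner so it can read memberships without recursion.
create function is_firm_admin(f uuid) returns boolean
language sql stable security definer set search_path = public as $$
  select exists (
    select 1 from memberships
    where user_id = auth.uid() and firm_id = f and role = 'firm_admin'
  );
$$;

-- One permissive policy per hierarchy level; Postgres ORs them together.
create policy client_own_household on households for select
  using (client_id = auth.uid());
create policy advisor_own_book on households for select
  using (advisor_id = auth.uid());
create policy admin_own_firm on households for select
  using (is_firm_admin(firm_id));

-- Child rows inherit visibility: the subquery on households is itself
-- filtered by the policies above, so an account is visible only if its
-- household is.
create policy accounts_via_household on accounts for select
  using (exists (select 1 from households h where h.id = accounts.household_id));
```

Because the policies apply to every query the application role issues, a query that omits a WHERE clause still returns only the caller's rows, which is what makes the isolation testable independently of the interface.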
Authentication
Managed authentication with a PKCE flow, optional time-based one-time password (TOTP) multi-factor authentication with assurance-level enforcement, and optional Google sign-in.
Encryption
All traffic is served over TLS. Data at rest is encrypted by our managed database provider.
Least privilege
Roles (client, advisor, firm admin) scope access at the data layer. New users get no access until they are provisioned into a firm.
Secrets stay server-side
Payment and aggregation secrets live only in serverless functions. The browser only ever holds a public key and the signed-in user's own session.
Hardened application surface
- An enforced Content-Security-Policy and HSTS, plus X-Frame-Options, X-Content-Type-Options, and a strict referrer and permissions policy.
- Core libraries are self-hosted rather than pulled from third-party CDNs at runtime, reducing supply-chain exposure.
- User-supplied content is sanitized before render.
- Webhooks are signature-verified and serverless functions verify the caller's identity.
- Every build passes an automated check gate before it can ship.
Accountability & records
Security and compliance reinforce each other. The same model that scopes access also powers an append-only audit trail of meaningful actions (with actor, timestamp, and a readable summary), immutable profile versioning for point-in-time review, and a daily write-once (WORM-style) archive. Together these are designed around the record-keeping principles of SEC Rules 17a-3 and 17a-4.
Infrastructure & subprocessors
Prism runs on established providers, each engaged under data-protection terms. The full list — with purpose and location — is in our Data Processing Agreement: Supabase (database, auth, storage, functions), Cloudflare (hosting, CDN, edge security), Stripe (payments), Plaid (account linking, on user consent), and Google (optional sign-in).
An honest view of our posture
We would rather earn trust by being transparent than overstate where we are. Here is what is in place today and what is on the near-term roadmap before and as we onboard live client data.
| Control | Status |
|---|---|
| Row-level tenant isolation (firm → advisor → client) | In place |
| Optional MFA (TOTP) with assurance-level enforcement | In place |
| TLS in transit; encryption at rest | In place |
| Enforced CSP + HSTS + hardened headers | In place |
| Append-only audit trail + immutable versioning | In place |
| Daily WORM-style archive to private storage | In place |
| Automated tenant-isolation (RLS) test suite | In place |
| Production database tier with point-in-time backups | Provisioned before live-client onboarding |
| Object-lock immutable storage for the archive (full 17a-4-grade WORM) | On the roadmap |
| Third-party attestation (e.g., SOC 2) | On the roadmap |
Prism is operated by LeMay Ventures LLC (founder: Cory M. Lemay). For data-protection questions, see our Privacy Policy and DPA.