Access control
Identity-bound permissions, role-based scopes, and just-in-time access to sensitive data. Internal AI surfaces honour the same controls as the underlying systems.
Veetso is a financial technology platform. Every workflow that touches money, customers, or compliance answers to the same control surface. We designed it for risk teams, auditors, and regulators as much as for the people who use the platform.
These are the gates a deployment clears before it touches a regulated workflow.
Every document, dataset, and model is classified by sensitivity, purpose, ownership, and AI eligibility before it touches an automated workflow.
Internal answers carry source links back to the document and revision they came from. Drafting is marked as drafting, never as fact.
AI supports staff; it does not own decisions humans are accountable for. Reviewer identity is recorded on every approval.
Every AI model provider and infrastructure supplier passes a documented review covering security, residency, retention, and incident response.
We log every query, source match, draft, and approval. The same trail the regulator would want to see sits in the system, queryable at any time.
We design to the controls expected of a regulated institution. We pursue certifications on a published schedule, visible to partners under NDA.
We collect only what the platform needs to operate, and we tell you what each piece is for.
FAQ
Six gates govern every AI workflow at Veetso: use-case registration, data classification, access scoping, source attribution, human oversight, and vendor due diligence. Every workflow that touches AI clears all six before it is allowed near a regulated process. Each gate is documented, owned by a named person, and verifiable from the audit log.
ISO 27001 (information security management) and SOC 2 Type II (trust services criteria) are in scope for 2026. UK GDPR and EU GDPR compliance is ongoing. PCI-DSS v4.0 applies where card data is in scope. DORA preparation is underway. Audit documentation is available to partners and regulators under NDA.
Documents are stored in the region you nominate, encrypted at rest and in transit. AI calls are routed through approved providers under a no-training contractual basis. Operational telemetry records errors, performance, and usage counts only, never the content of queries or answers.
Every internal answer carries a per-claim citation back to the source document, revision, and paragraph. Drafting mode is marked as drafting and refused as citable fact downstream. Human review is required on every regulated decision. Attribution makes mistakes visible; human oversight catches them.
Write to security@veetso.com. We acknowledge within one business day. Coordinated disclosure is appreciated, and we credit researchers publicly with their permission. RFC 9116 security.txt is published at /.well-known/security.txt with the same contact details.
We respond within one business day. Coordinated disclosure appreciated; we’ll credit you publicly with your permission.