Compliance & Security

Last Updated: March 7, 2026

1. Overview

Paisashield is committed to maintaining compliance with applicable laws and implementing industry-standard security practices. This page outlines our compliance framework and security measures.

2. Regulatory Status

Important Regulatory Disclosure:

  • NOT a Registered Investment Advisor: Paisashield is NOT registered with any securities regulator and does NOT provide investment advice.
  • NOT a Broker-Dealer: We do NOT execute trades, hold securities, or act as a broker.
  • NOT a Financial Institution: We do NOT hold, transfer, or custody funds or assets.
  • Software Provider Only: We provide financial data management software as a service.

3. Data Protection Compliance

3.1 GDPR (General Data Protection Regulation)

For users in the European Economic Area (EEA):

  • Legal basis for processing: Contract, Legitimate Interest, Consent
  • Data subject rights respected (access, rectification, erasure, portability)
  • Data processing records maintained
  • Data breach notification procedures in place

3.2 CCPA (California Consumer Privacy Act)

For California residents:

  • Right to know what personal information is collected
  • Right to deletion of personal information
  • Right to opt-out (we do NOT sell personal information)
  • Right to non-discrimination

3.3 Other Privacy Laws

We make reasonable efforts to comply with applicable data protection laws in jurisdictions where we operate, but we cannot guarantee compliance with all local regulations.

4. Security Measures

4.1 Data Encryption

  • In Transit: All data transmitted via HTTPS/TLS encryption
  • At Rest: Database encryption supported (configuration dependent)
  • Passwords: Hashed using pbkdf2:sha256 (never stored in plain text)
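
As an added illustration (not Paisashield's own code), this shows what a "pbkdf2:sha256" password hash looks like and how a defender verifies one in constant time and detects hashes whose iteration count has fallen below policy. The `pbkdf2:sha256:<iterations>$<salt>$<hexdigest>` layout is an assumption (the Werkzeug convention); the iteration count and sample salt are constructed values.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed storage layout (Werkzeug-style): "pbkdf2:sha256:<iterations>$<salt>$<hexdigest>"
DEFAULT_ITERATIONS = 600_000  # constructed policy value for this example


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[str] = None) -> str:
    """Derive a salted PBKDF2-HMAC-SHA256 hash and encode it with its parameters."""
    salt = salt or secrets.token_hex(16)  # a fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt.encode("utf-8"), iterations)
    return f"pbkdf2:sha256:{iterations}${salt}${dk.hex()}"


def _parse(stored: str):
    """Split a stored hash into (iterations, salt, digest); None if malformed."""
    try:
        method, salt, digest = stored.split("$", 2)
        algo, hashname, iters = method.split(":")
        iterations = int(iters)
    except ValueError:
        return None
    if algo != "pbkdf2" or hashname != "sha256" or iterations <= 0:
        return None
    return iterations, salt, digest


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the digest with the stored parameters; compare in constant time."""
    parsed = _parse(stored)
    if parsed is None:  # a plaintext or foreign-format value never verifies
        return False
    iterations, salt, digest = parsed
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                             salt.encode("utf-8"), iterations)
    return hmac.compare_digest(dk.hex(), digest)


def needs_rehash(stored: str, min_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when the stored hash is unparsable or weaker than current policy."""
    parsed = _parse(stored)
    return parsed is None or parsed[0] < min_iterations
```

Rehashing on successful login when `needs_rehash` is true lets an operator raise the work factor over time without a forced password reset.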

4.2 Access Controls

  • Authentication: Email verification required for new accounts
  • Multi-Tenant Isolation: Logical data separation between workspaces
  • Role-Based Access: Granular permissions at workspace and company levels
  • Session Management: Secure session tokens and CSRF protection

4.3 Application Security

  • CSRF Protection: Session-based tokens on all state-changing requests
  • SQL Injection Prevention: Parameterized queries via SQLAlchemy ORM
  • Input Validation: Server-side validation of all user inputs
  • Security Headers: Content Security Policy, X-Frame-Options, etc.

4.4 Infrastructure Security

  • Regular security updates and patches
  • Firewall protection for database access
  • Monitoring and logging of suspicious activities
  • Backup procedures (customer responsibility to verify)

5. Data Breach Response

In the event of a data breach:

  • We will investigate and contain the breach promptly
  • Affected users will be notified as required by law
  • Regulatory authorities will be notified where applicable
  • Remediation measures will be implemented

Limitation: We are NOT liable for damages resulting from data breaches. See Terms of Service for liability limitations.

6. Third-Party Service Providers

We use third-party services that have their own security and compliance certifications:

  Service          Provider                   Purpose
  Email Delivery   Resend                     Transactional emails
  Market Data      Yahoo Finance (yfinance)   Real-time pricing
  CDN              Various                    Static assets (CSS, fonts)

We are NOT responsible for the security practices or compliance of third-party providers.

7. SOC 2 / ISO Certifications

Paisashield is currently NOT SOC 2 or ISO 27001 certified. We may pursue these certifications in the future as our organization grows.

8. Financial Regulations

8.1 Not Subject to Financial Regulations

As a software-only provider, we are NOT subject to:

  • SEC (Securities and Exchange Commission) regulations
  • FINRA (Financial Industry Regulatory Authority) rules
  • Banking regulations (FDIC, OCC, etc.)
  • Money transmitter licenses

8.2 User Compliance Responsibility

YOU are responsible for:

  • Compliance with securities laws in your jurisdiction
  • Tax reporting and filing obligations
  • Regulatory filings related to your investments
  • Adherence to professional licensing requirements (if applicable)

9. Audit and Transparency

We maintain:

  • Activity logs for security monitoring
  • Access logs for troubleshooting
  • Change logs for database modifications

Enterprise customers may request audit reports (availability not guaranteed).

10. Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly:

  • Email: security@paisashield.com
  • Provide detailed description and reproduction steps
  • Do NOT publicly disclose until we've had time to address it
  • Do NOT exploit the vulnerability beyond proof-of-concept

We will acknowledge receipt within 72 hours and provide a timeline for resolution.

11. Service Level Agreement (SLA)

Paisashield does NOT provide guaranteed uptime or service level agreements unless specified in a separate Enterprise Agreement. We make best efforts to maintain service availability but are NOT liable for downtime or service interruptions.

12. Export Compliance

Users are responsible for compliance with export control laws and trade sanctions. You may NOT use Paisashield:

  • In countries subject to comprehensive trade embargoes
  • By persons or entities on restricted party lists
  • For purposes prohibited by export control regulations

13. Business Continuity

We maintain reasonable business continuity measures including:

  • Regular database backups
  • Disaster recovery procedures
  • Incident response plans

User Responsibility: You should maintain independent backups of critical financial data. We are NOT liable for data loss.

14. Changes to Compliance Practices

We may update our compliance practices and security measures at any time. Material changes will be reflected in updated policy documents with new "Last Updated" dates.

Compliance Inquiries

For compliance-related questions:

Email: compliance@paisashield.com

Security: security@paisashield.com