SECURITY

Built for the most sensitive information in credit markets

9fin protects confidential client data with enterprise-grade security and compliance.

Enterprise-grade by design

9fin's customers work on the most material transactions in the global credit markets. The information they bring to our platform demands protection commensurate with its sensitivity. We've built 9fin from the ground up to meet that bar.

brand-one-platform-light
Dedicated security expertise

Our dedicated security team protects the stack end-to-end, with documented incident protocols and continuous intrusion detection across production.

brand-intelligence-light
Your data never trains a model

We never use customer data to train any AI model. Zero Data Retention is contractually required of all model providers.

brand-market-data-light
EU data residency by default

AI processing runs primarily in AWS eu-west-1 (Ireland). For reliability, AI prompts may be routed to other EU or US regions when needed.

brand-clo-manager-profiles-light
Authentication on your terms

SAML 2.0 SSO across Okta, Microsoft Entra ID, Google Workspace, and OneLogin. Your team authenticates through your IdP, inherits your MFA policies, and follows your user lifecycle. RBAC and full audit logs included.

brand-covenant-tools-light
Isolation for private market data

For customers working with confidential, proprietary or permissioned data, Private 9fin enforces application-layer isolation through Row-Level Security, with customer-controlled access groups and an immutable audit trail.

brand-sponsor-profiles-light
Audited by accredited firms

9fin undergoes regular third-party audits and vulnerability testing — with latest audit reports available on the Trust Centre.

Compliant with industry standards

9fin's controls are aligned to AICPA Trust Service Principles and NIST standards, independently audited, and continuously refined.

Every certification and live compliance status is available through our Trust Centre.

9fin - NIST CSF & SOC 2 TYPE II

Designed for enterprise security requirements

  • Identity and access management integrated with your existing identity provider.
  • Annual penetration testing by independent CREST-accredited security firms, alongside regular vulnerability assessments and third-party audits.
  • Encryption in transit and at rest across production systems and backups.
  • AI chat retention defaults to 180 days, with least-privilege access controls.

Security is fundamental to how 9fin is built

We treat our security programme as a permanent investment in the trust our customers place in us.