Security
Your data stays yours. That's not a feature. It's the foundation.
Origin Zero is built from the ground up to meet the security expectations of institutional investors, fund managers, and advisors who handle sensitive financial data every day.
We don't cut corners. Every layer of the platform, from authentication to infrastructure to data handling, is designed to protect your models, your assumptions, and your decisions.
Security by design
Three principles. Every layer.
Defence in depth
Multiple layers of protection at every level: network, application, data, and access. No single point of failure.
Zero trust by default
Every request is authenticated and authorised. Nothing is implicitly trusted. Not users, not services, not network traffic.
Transparency first
Full audit logs on every action. You can see exactly who did what, when, and why. Down to the individual assumption change.
Infrastructure & access controls
Six layers between your data and the world.
Cloudflare edge protection
All traffic is routed through Cloudflare's global network, providing DDoS mitigation, WAF protection, bot management, and edge caching before a request ever reaches our infrastructure.
IP whitelisting
Restrict platform access to approved IP addresses only. Control exactly which networks can reach your environment. Ideal for firms with fixed office or VPN infrastructure.
Passwordless authentication
Magic link sign-in eliminates password-related vulnerabilities entirely. No credentials to leak, no passwords to phish, no reset flows to exploit.
Role-based access control
Granular permissions across the platform. Control who can view, edit, approve, or export, scoped by role, team, and asset.
Encryption everywhere
All data encrypted in transit with TLS 1.3 and at rest with AES-256. Your financial models and assumptions are protected at every stage.
Tenant isolation
Every client's data is logically isolated. There is no cross-tenant access, no shared storage, and no blended processing. Your environment is yours alone.
Data privacy
Your financial models contain some of the most sensitive data in your organisation. Assumptions, valuations, deal structures, and performance metrics. We treat that with the seriousness it deserves.
No client data is ever used to train models or improve algorithms. Your data is processed solely for the purpose of delivering your results, and nothing else. We do not share, sell, or repurpose client data under any circumstances.
Tested and validated
Origin Zero undergoes regular independent penetration testing to identify and resolve vulnerabilities before they become risks. We don't just build secure systems. We prove it.
Vulnerability scanning runs continuously across our infrastructure. Security patches are applied promptly, and every release goes through a security review before deployment.
Our commitment
Security isn't a checkbox for us. It's an ongoing discipline. We are building Origin Zero to meet institutional-grade standards, and our security architecture is designed to scale as our clients' requirements evolve.
We maintain detailed audit logs on every action taken within the platform. Every model upload, every scenario run, every assumption change, and every sign-off. Full traceability from input to output, always.
Questions about security?
We're happy to walk through our security architecture, answer specific questions about data handling, or provide details for your internal due diligence process.