Security
Your data never leaves your environment.
DwellFi runs within your cloud, in your region, with no shared infrastructure. Your data, model outputs, and audit logs stay where you control them.
Sovereign.Deterministic.Owned.
Architecture
One tenant boundary. Structural by design.
DwellFi is not a multi-tenant platform with a security wrapper. It is a single-tenant deployment inside the cloud account you already trust. The boundary is set at deployment, not at the demo.
Your data sits in your tenant. Your models run in your tenant. Reconciliations, NAV figures, audit logs, prompts, and completions all live inside the perimeter your security team already monitors.
DwellFi’s control plane orchestrates the work but never touches the payload. Inference stays inside your tenant, under your encryption keys.
Controls
What the boundary buys you.
The controls in place today are consequences of the architecture, not features bolted on top of it. The full set, including the SOC 2 Type II report, lives in the Trust Center.
Structural tenant isolation
Each customer runs in their own cloud tenant. Isolation is set at the architecture layer, not enforced by policy or shared-database row filtering.
There is no shared customer datastore to misconfigure.
Data residency, by contract
Deploy to AWS, GCP, Azure, or Oracle. Choose the region. Choose the encryption posture. The platform follows the contract, not a default.
Cross-region replication only when the customer requests it.
SOC 2 Type II, in production
SOC 2 Type II report available on request. Vendor risk teams receive a response from the security team within one business day.
Request access at the Trust Center.
Trust Center
The full record, at the source.
The SOC 2 Type II report, security questionnaires, and supporting documentation are hosted on trust.dwell.fi. Vendor risk teams can request access directly. A member of the DwellFi security team responds within one business day.
Open the Trust Center →