DomusOS holds some of the most sensitive financial data a household ever generates. We treat that responsibility as the core product, not a checkbox. Here's exactly how.
Enterprise sign-on with SSO (SAML, OIDC), passkeys, time-based MFA, hardware tokens, and granular session controls. There are no shared passwords in the system.
TLS 1.3 in transit. AES-256 at rest. Database backups encrypted with separate per-tenant KMS keys. End-to-end encrypted team chat is rolling out now — built on the Signal protocol (X3DH + Double Ratchet), with each device publishing its own keys at sign-in. Once live, neither DomusOS nor our infrastructure providers will be able to read message contents.
We never see your bank or brokerage credentials. Authentication happens inside our aggregation partners' secure widgets. We store an opaque access token, scoped to read-only.
We have zero-data-retention agreements with our model providers. Your portfolio is sent to the model at inference time only, never used for training, never logged on the provider side.
Every household and office sits inside its own logical tenant. Row-level security at the database layer enforces isolation. We test for tenant escape on every deploy.
Point-in-time recovery to any second within the last 35 days. Multi-region object storage for documents. Quarterly disaster-recovery drills with documented RTO ≤ 4h and RPO ≤ 5min.
We rely on a short list of independently-audited sub-processors for hosting, identity, payments, aggregation, and AI inference. Each carries a current SOC 2 Type II report and a signed DPA. The current register is available under NDA on request.
We run a coordinated vulnerability disclosure program. Report a finding to security@domusos.io — we respond within 24 hours and credit researchers in our hall of fame.
End-to-end encryption is built to hide message content from us — and it's rolling out now. But there's a category of data — called metadata — that any messaging system has to handle in the clear to route messages at all. We're explicit about it so you know exactly what shows up in a subpoena response.
Group threads are coming soon — see our changelog. Until then, team threads with three or more participants are read-only while we finish MLS group encryption.
We share an honest status — what's in place, what's on the roadmap, and what's still aspirational. If there's a framework relevant to your jurisdiction that isn't here, ask us.
We'd rather know than not know. Email security@domusos.io with details and a proof-of-concept. We acknowledge within 24 hours, fix within an agreed window, and publish credit (or a bounty) once the fix is shipped.