Introducing LUCIA — The AI Credit Platform. Try the interactive demo →

Security built for
credit fund standards

Private credit data demands the highest level of protection. LUCIA's architecture is designed around isolation, encryption, and auditability from the ground up.

Data Architecture

Per-deal data isolation

Every borrower's data lives in its own isolated container. No cross-contamination between deals, borrowers, or teams.

Relay Logistics
Financial data, reports, covenants, loan terms, call transcripts
ISOLATED
Wall
Threadline
Financial data, reports, covenants, loan terms, call transcripts
ISOLATED
No cross-deal AI learning. LUCIA's AI analyzes each borrower independently. Insights from Relay Logistics never influence Threadline's analysis.
Team-level access control. Different team members can be assigned to different borrowers. A junior analyst working on Relay can't see Threadline's data unless explicitly granted access.
Borrower portal isolation. When borrowers log in to submit documents, they see only their own deliverables and statements. No visibility into your fund, other borrowers, or internal analysis.

Infrastructure

Encryption, residency, and access control

AES-256 Encryption
All data encrypted at rest with AES-256. All connections encrypted in transit with TLS 1.3. No unencrypted data paths at any point.
Zero Model Training
Your borrower data is never used to train AI models — not ours, not anyone else's. Zero retention after processing. Your data stays yours.
US-Only Data Residency
All data processed and stored exclusively in US data centers. No offshore processing. Full data sovereignty and regulatory compliance.
Role-Based Access Control
Granular permissions for credit officers, analysts, operations staff, and borrowers. SSO integration (SAML, OIDC) for enterprise deployments.
Complete Audit Trail
Every action is logged: document uploads, report generation, data access, edits, exports, and login events. Immutable audit logs for regulatory review.
API Security
API access via scoped tokens with configurable permissions. Rate limiting. IP allowlisting available for enterprise deployments.

Compliance

Compliance roadmap

CURRENT
Security-first architecture — per-deal isolation, encryption, RBAC, audit trail, zero data retention
IN PROGRESS
SOC 2 Type I — independent audit of security controls and organizational policies
PLANNED
SOC 2 Type II — continuous monitoring and operational effectiveness verification

Questions about security?

Our team is happy to walk through our security architecture, provide additional documentation, or discuss specific compliance requirements.

Contact Security Team