Built for compliance-grade data - encrypted, isolated, US-only.
VeroFin is designed as a privilege-preserving, US-only legal document intelligence and FinCEN compliance platform. Three pillars define our security posture: secure infrastructure, controlled AI usage, and a human-in-the-loop workflow that keeps attorneys firmly in charge of every filing.
- Encryption: AES-256 (at rest + TLS 1.3 in transit)
- Tenant isolation: RLS (Postgres row-level security)
- AI retention: ZDR (Zero Data Retention keys)
- Region: US-only (Vercel + Supabase US regions)
1. Secure, US-only infrastructure
VeroFin runs on a modern US-hosted stack with strong isolation between firms and a deny-by-default posture at every layer.
Database & storage
Supabase (PostgreSQL + Storage) with Row-Level Security enforcing strict tenant isolation at the database engine layer - even a compromised application layer cannot read another firm's records.
Hosting
Vercel edge + serverless runtime, TLS 1.3 for all traffic, encrypted deployment artifacts. The application is operated as a US-only service; data never leaves US regions.
Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Uploaded closing packages live in private, non-public buckets with signed-URL access only.
Data lifecycle
Raw uploaded closing packages are automatically removed from storage 90 days after a filing is completed; structured filing data and BSA XML remain available to your firm subject to your account and the 5-year BSA recordkeeping window.
Tenant isolation
Every filing, document, extraction snapshot, and entity-index record is tagged with a tenant ID and protected by RLS policies. Cross-tenant queries return zero rows by design.
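The pattern described above (tenant-tagged rows behind an RLS policy), as an added PostgreSQL example that is not VeroFin's own schema or code. The role app_user, the table filings and the setting app.tenant_id are hypothetical names, and the UUIDs are constructed sample values.

```sql
-- Hypothetical names throughout (app_user, filings, app.tenant_id).
-- Run as a superuser in a scratch database.
CREATE ROLE app_user NOLOGIN;   -- ordinary role: not owner, no BYPASSRLS

CREATE TABLE filings (
    tenant_id uuid NOT NULL,
    title     text NOT NULL
);
GRANT SELECT, INSERT ON filings TO app_user;

ALTER TABLE filings ENABLE ROW LEVEL SECURITY;
-- ENABLE alone exempts the table owner; FORCE applies policies to the owner too.
ALTER TABLE filings FORCE ROW LEVEL SECURITY;

-- With no permissive policy a table under RLS is default-deny. This policy
-- admits only rows whose tenant_id equals the per-transaction setting.
-- NULLIF covers the setting being reset to '' on a reused pooled connection:
-- the comparison becomes NULL and nothing matches.
CREATE POLICY tenant_isolation ON filings
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Constructed sample data: one row per firm, each written under its own tenant.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO filings VALUES ('11111111-1111-1111-1111-111111111111', 'Firm A closing');
COMMIT;

BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', '22222222-2222-2222-2222-222222222222', true);
INSERT INTO filings VALUES ('22222222-2222-2222-2222-222222222222', 'Firm B closing');
COMMIT;

-- Firm A's session asks for Firm B's rows: the policy filters them out.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
SELECT title FROM filings WHERE tenant_id = '22222222-2222-2222-2222-222222222222';
-- A write tagged with another tenant fails WITH CHECK and aborts the transaction.
INSERT INTO filings VALUES ('22222222-2222-2222-2222-222222222222', 'forged');
ROLLBACK;
```

Superusers and roles with the BYPASSRLS attribute skip policies entirely, so isolation of this kind holds only for connections made under an ordinary role.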
2. Controlled AI usage - no training on client data
AI is used to draft and validate the 111 FinCEN fields, not to build a global model of your clients. All AI calls are server-side, authenticated, and scoped to a single tenant.
Server-side only
The browser never calls model providers directly. All prompts and responses flow through VeroFin's backend where they are authenticated, logged, and scoped to a single tenant.
Zero Data Retention
We use OpenRouter and upstream LLM providers solely to perform extraction and validation for a given filing, via a dedicated key configured with Zero Data Retention (ZDR) and no-training settings. Prompts and outputs are not stored or used to train models.
Minimum necessary data
The AI sees only the documents needed to extract the 111 FinCEN fields for the filing in front of you. It has no cross-tenant access to your database and does not see billing or authentication data.
No auto-filing
VeroFin never submits reports to FinCEN. AI outputs are drafts; every filing is reviewed and submitted through the BSA E-Filing portal by your team.
3. Human-in-the-loop & full auditability
VeroFin is designed so that attorneys and paralegals remain clearly responsible for every filing - with the evidence trail to prove it.
Drafts, not decisions
A dual AI review (extraction pass + independent cross-validation pass) prepares the BSA XML, but the output is explicitly presented as a draft. You decide what to file and when.
Attorney review workflow
The platform is built around review and approval by licensed professionals. All legal determinations remain with your firm, not with the software.
Field-level context
Each extracted field includes a confidence score, the source document, the source page, and a verbatim source-text snippet - so your team can verify the AI's work in seconds, not minutes.
Immutable audit log
Every extraction, validation, edit, approval, retry, and filing event is recorded in an append-only audit log with full CSV export - an examiner-ready record of how each report was prepared.
Persistent entity index
Beneficial owners, LLCs, and trusts are deduplicated across your filings and linked to the closings they appear on. Repeat-party patterns surface in your tenant before they surface to a regulator.
Every request stays within your sovereign boundary.
A closing package enters your tenant over HTTPS / AES-256. Inside your tenant, a dual AI pipeline extracts and cross-validates against FinCEN rules with all storage gated by Row-Level Security. The output - BSA E-Filing XML - leaves your tenant only when your team explicitly downloads or submits it.
Browser → tenant
Authenticated upload over TLS 1.3, AES-256 at rest in private bucket.
Inside the tenant
Server-side AI calls (ZDR keys), RLS-scoped database reads, audit log on every event.
Tenant → FinCEN
Attorney downloads BSA E-Filing XML and submits via FinCEN's secure portal. We never auto-submit.
Who touches your data, and where
Short list of the sub-processors VeroFin uses to deliver the service. All are US-based and operate under the data-handling commitments described above.
- Vercel - Hosting, edge runtime, CDN - United States
- Supabase - Postgres + storage + auth - United States
- OpenRouter - LLM routing (ZDR keys) - United States
- Anthropic Claude - AI extraction + validation - United States
- Stripe - Billing & subscriptions - United States
For complete legal terms and data-handling details, see our Terms of Service, Privacy Policy, and Sub-processors list. VeroFin supports BSA-readiness workflows; the nationwide RRE rule is currently vacated with an appeal pending. Confirm reporting obligations with counsel.
Your next closing package, processed in under 3 minutes.
Built for closing attorneys and title firms who want to stay ahead of AML obligations - not scramble to catch up. Private vault provisioned in 24 hours. Attorney review required before any filing.
No credit card required. Your data stays in your private vault.
While the nationwide RRE rule is vacated pending appeal, VeroFin supports readiness and all BSA workflows your counsel directs. Not legal advice.