CCassandra AML
Scope checkPricingSecurityAboutSign inStart free

Security

Built to withstand examination.

Compliance software holds some of a practice's most sensitive records. Our standard is that every security claim we make maps to a test, a database invariant or a recorded browser proof in our engineering evidence base — not to marketing copy.

Enforced practice isolation

Every practice's records are separated with database-enforced row-level security — isolation is applied by the database itself, not just application code, and is verified continuously.

Mandatory multi-factor authentication

Every user enrols authenticator-app MFA. Sensitive areas, including restricted reporting, require recent step-up verification. Sessions expire on inactivity and are individually revocable.

Tamper-evident audit trail

Every material action is recorded in a hash-chained audit log, so the history of a client file can be verified rather than asserted.

Restricted suspicious-matter workspaces

Suspicious-matter records are isolated from staff without an explicit grant — they do not appear in searches, work queues or audit views for unauthorised users.

Retention aligned to obligations

Evidence records carry seven-year retention aligned to AML/CTF record-keeping obligations, with deletion denied at the database privilege level.

Honest integration states

Every external integration is labelled live, sandbox or not connected. A simulated check can never satisfy a real compliance requirement — the database enforces it.

Infrastructure

The service runs on managed cloud infrastructure (Vercel and Neon) with encryption in transit and at rest. All application mutations pass through authenticated, same-origin-checked, schema-validated routes. Internal service endpoints fail closed when credentials are absent.

Responsible disclosure

If you believe you have found a security vulnerability, email security@cassandraaml.com. Please include enough detail to reproduce the issue and allow us reasonable time to remediate before public disclosure. We do not take legal action against good-faith research conducted within these guidelines.

CCassandra AML

The evidence-first AML/CTF workspace for Australian tax agents and accounting practices.

Product

Create practiceFree scope checkSign inPricingIntegrationsSecurity

Company

AboutContact

Legal

Privacy PolicyTerms of Service

Cassandra AML assists compliance work. It does not provide legal advice, guarantee compliance or imply AUSTRAC endorsement.

© 2026 Cassandra AML. All rights reserved.