Loading…

SiraMint
Security

Security built into the workflow

Ownership records are sensitive. Access, changes, and data handling stay accountable by design.

SiraMint is not a generic file store. It is built for ownership records, approvals, and multi-party access — which means security is part of the product workflow, not an afterthought.

Every action runs in the context of a signed-in customer account. Permissions follow real-world responsibility: owners, co-owners, firm staff, and advisors see only what their role allows. Sensitive operations require authentication and are recorded in an audit log.

Our approach

We combine technical controls with operational practices: encrypted transport, protected storage, secure session handling, and maintained hosting environments. We do not sell your personal data. See our privacy policy for collection and use details.

Security is shared responsibility. We protect the platform. You protect credentials, review invitations, and revoke access when someone leaves your family, company, or firm.

Platform protections

How we keep your data safe

Encryption & storage

Data is protected in transit with TLS. Sensitive fields and uploaded documents use encryption at rest on our infrastructure.

  • HTTPS for all web and API traffic
  • Encrypted storage for uploaded documents
  • Passwords stored using one-way hashing — never plain text

Access control

Every action runs in the context of a signed-in customer with role-based permissions scoped to vaults, assets, and documents.

  • Owner, co-owner, and firm-scoped roles
  • Per-asset and per-document permissions
  • CSRF protection on state-changing forms

Audit logging

Material changes and many read events are logged so teams can reconstruct what happened and when.

  • Timestamped activity history
  • Approval and transfer records
  • Exportable logs for compliance reviews

Account protection

We apply rate limiting, secure session handling, and optional identity verification for high-risk actions.

  • Rate limits on login and contact forms
  • Secure cookie settings
  • Optional identity verification for legacy release and verified actions
Operational practices

Security is ongoing, not a checkbox

Responsible hosting

The application runs on maintained server environments with restricted access and regular security patches.

Least-privilege operations

Internal access to production systems is limited to what is needed to operate and support the service.

Incident response

We investigate reported vulnerabilities and service issues promptly and communicate with affected customers when required.

Your responsibilities

Use strong passwords, review who you invite to a vault, and revoke access when someone leaves your team or firm.

Questions about compliance or deployment?

We can walk through access controls, audit logs, and how SiraMint fits your firm or group policy.

Talk to us Privacy policy