AR-TI-FI · SECURITY · PRIVACY · AUDIT

Security for agent-operated finance.

Artifi is built for sensitive finance data: organization-scoped schemas, role and entity permissions, approval-gated writes, encrypted credentials, scoped AI tool calls, and complete audit trails.

  • company_X: isolated schema per organization
  • 149+ tables cloned per tenant template
  • 10 system roles with granular permissions
  • 7 years connector event log retention

AI DATA BOUNDARY

Claude calls tools. It does not receive your database.

Users and agents interact with finance data through structured MCP tools. The server authenticates the request, scopes it to the organization and legal entity, performs the database operation, and returns only the response needed for the task.

01 Authenticate

OAuth 2.1 or API keys produce the same security context.

02 Scope

Organization, role, permission, and legal entity access are resolved before tools run.

03 Call tool

Claude or an agent calls a structured MCP tool, not a bulk database export.

04 Workflow gate

Writes route through validation, risk lanes, approvals, and executors.

05 Audit

Tool calls, workflow history, agent events, documents, and transactions remain traceable.
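
An added example, not Artifi's code, of how steps 01, 02, 03, and 05 can fit together for a read-only tool call: a SHA-256 hashed API key resolves to a security context, permission and legal-entity checks run before the tool, and every decision is logged. The key value, tool names, entity names, and the `call_tool` function are assumptions made for illustration; the workflow gate for writes (step 04) is out of scope here.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityContext:
    org_schema: str          # tenant schema every query is pinned to
    permissions: frozenset   # e.g. {"ar:read"}
    entities: frozenset      # legal entities this caller may touch

def key_digest(api_key: str) -> str:
    # Plain SHA-256 suits long random API keys; it is not a password hash.
    return hashlib.sha256(api_key.encode()).hexdigest()

# Constructed sample data: the store holds digests only, never raw keys.
KEY_STORE = {
    key_digest("demo-key-1"): SecurityContext(
        "company_X", frozenset({"ar:read"}), frozenset({"entity_1"})),
}
# Hypothetical tool registry: tool name -> permission required.
TOOLS = {"list_receivables": "ar:read", "create_bill": "ap:write"}
AUDIT_LOG = []

def call_tool(api_key: str, tool: str, entity: str) -> dict:
    ctx = KEY_STORE.get(key_digest(api_key))        # 01 authenticate
    if ctx is None:
        decision = "deny:unauthenticated"
    elif tool not in TOOLS:
        decision = "deny:unknown_tool"
    elif TOOLS[tool] not in ctx.permissions:        # 02 scope: permission
        decision = "deny:permission"
    elif entity not in ctx.entities:                # 02 scope: legal entity
        decision = "deny:entity"
    else:
        decision = "allow"
    # 05 audit: denied calls are recorded as well as allowed ones.
    AUDIT_LOG.append({"org": ctx.org_schema if ctx else None,
                      "tool": tool, "entity": entity, "decision": decision})
    if decision != "allow":
        return {"ok": False, "reason": decision}
    # 03 call tool: the handler receives the schema from the context,
    # never from caller-supplied arguments.
    return {"ok": True, "schema": ctx.org_schema, "tool": tool, "entity": entity}
```

Because the schema name comes only from the authenticated context, a caller cannot steer a tool at another organization's schema by changing its arguments.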

CONTROL PLANE

Security controls built into the finance workflow.

Artifi security is not a separate checklist beside the product. It is part of how reads, writes, agents, files, approvals, and ledger posting work.

Data isolation

  • Dedicated PostgreSQL schema per organization
  • Legal-entity dimension inside each organization
  • Organization-scoped R2 object prefixes
  • Time-limited presigned document URLs

Access control

  • Auth0 OAuth 2.1 for interactive users
  • SHA-256 hashed API keys for programmatic access
  • Role-based permissions such as ap:write and ar:read
  • Entity-level restrictions for subsidiaries and clients

AI boundaries

  • Claude receives scoped tool responses, not database dumps
  • Agents have explicit allowed tools and workflows
  • Agent actions are recorded as events and instances
  • API inputs and outputs are not used to train Claude models

Ledger controls

  • Green, yellow, and red workflow risk lanes
  • Single or multi-level approval for sensitive writes
  • Posted transactions use reversals instead of silent edits
  • Workflow history captures approvals, rejections, comments, and edits

DATABASE ISOLATION

Separate organization schemas, shared platform controls.

Global metadata lives in `system.*`. Customer finance data lives in organization schemas such as `company_X.*`, cloned from a template schema and scoped on every operation.

system.*

Organizations, users, roles, workflows, transaction types, agent definitions, event queue.

company_X.*

Customer ledger, master data, bank accounts, transactions, dimensions, tax, reports.

template.*

Structure cloned for new customer schemas, keeping deployments consistent.

AUDIT AND COMPLIANCE

Every controlled action leaves evidence.

Finance automation only works if the history is inspectable. Artifi keeps workflow, agent, connector, document, and transaction evidence attached to the work.

Workflow history

Full approval timeline for controlled financial operations

Agent event logs

Every autonomous agent run, input, outcome, and exception

Transaction audit

Posted financial records with attribution and timestamps

Connector logs

Banking integration actions retained for seven years

Document history

Attachments and exports connected to source records

INFRASTRUCTURE

Designed for financial data, agents, and recovery.

Production infrastructure runs with separate application services, database environments, managed object storage, monitoring, and a path toward enterprise AWS deployment.

Encrypted transport

TLS protects user, server, database, banking API, and Anthropic API connections.

Encrypted credentials

Banking and payment provider credentials are encrypted with AES-256-GCM and never stored in plain text.

Separated environments

Development and production use separate databases and event processors to avoid cross-environment processing.

Backup path

Daily database snapshots, point-in-time recovery planning, and Cloudflare R2 file redundancy support recovery.

FAQ

Security questions finance teams ask first.

Can another organization see our data?

No. Customer data is stored in organization-specific PostgreSQL schemas. The platform scopes database access to the authenticated organization.

Does Claude train on our financial data?

No. Artifi uses the Anthropic API, where API inputs and outputs are not used to train Claude models.

Can an agent post directly to the ledger?

Agents submit controlled workflow actions. Risk lanes, permissions, validation, and approval rules determine what can execute.

Where are credentials handled?

Connector credentials are entered through secure admin flows, encrypted before storage, and never passed through chat history.