Financial Data API

Security & Compliance

Enterprise-grade security for your financial data. SOC 2, GDPR, and infrastructure built for institutions.

Certifications

Trusted by institutions

SOC 2 Type II

Annual third-party audit of security controls. Access controls, encryption, monitoring, and incident response verified.

GDPR

Full compliance with EU data protection regulations. Data residency options, right to deletion, and processing agreements.

ISO 27001

Information security management framework. Certification in progress.

Infrastructure

Infrastructure security

TLS 1.3

All API traffic encrypted in transit.

AES-256

Data encrypted at rest.

Global CDN

Edge nodes in North America, Europe, and Asia-Pacific.

DDoS protection

Enterprise-grade mitigation at the edge.

Pen testing

Regular third-party penetration testing.

Access control

API key scoping

Restrict keys to specific endpoints or data types.

Role-based access

RBAC for teams and enterprise accounts.

IP allowlisting

Restrict API access to approved IP ranges.

Audit logs

Full audit trail of API usage and access.

SSO / SAML

Enterprise SSO and SAML 2.0 support.

Data handling

Data retention

Configurable retention policies. Data deleted when no longer needed.

DPA

Data Processing Agreement available for enterprise customers.

Data residency

EU and US data residency options for enterprise.

Right to deletion

GDPR-compliant deletion of personal data on request.

Frequently asked questions

Yes. Eulerpool maintains SOC 2 Type II certification covering security, availability, and confidentiality. Annual audits are conducted by an independent third-party firm. Enterprise customers can request the full SOC 2 report under NDA.

All data in transit is encrypted with TLS 1.3. Data at rest is encrypted with AES-256. API keys are hashed and stored securely — we never store plaintext keys. Our infrastructure runs on SOC 2 certified cloud providers with hardware security modules (HSMs) for key management.

Yes. Eulerpool is fully GDPR compliant. We process minimal personal data (email and API key), provide data portability and deletion on request, and maintain a Data Processing Agreement (DPA) for enterprise customers. Our infrastructure is hosted in EU and US regions with data residency options.

API keys are generated with cryptographic randomness, transmitted only over TLS, and stored as salted hashes. Keys can be rotated at any time via the dashboard. IP allowlisting and key scoping (read-only, specific endpoints) are available on paid plans for defense in depth.

Yes. Enterprise plans support SAML 2.0 SSO, SCIM user provisioning, and role-based access control (RBAC). You can define team-level API key permissions, audit access logs, and enforce MFA. This integrates with Okta, Azure AD, Google Workspace, and other identity providers.
