Security
Security controls built for finance document workflows.
Docsift is built for finance teams that need controlled access, private file storage, review gates, and traceable exports.
Security for this kind of workflow is not one checkbox. It is a chain: access control, storage isolation, review discipline, auditability, and operational safety around the jobs that keep the workflow moving.
What matters here
Membership-backed row-level security instead of UI-only access checks.
Administratively provisioned account access.
Protected background job controls.
Current security posture
Controlled account access
Account access is provisioned by authorized administrators, with password setup and recovery handled through the account flow.
Company-scoped data isolation
The application is built around company memberships and row-level security so the tenant boundary is enforced at the data layer instead of only in frontend conditions.
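As an added illustration of what "enforced at the data layer" means in practice (this is example code, not Docsift's own schema or policies), the PostgreSQL snippet below puts a membership table behind row-level security so that a query for another tenant's documents returns nothing even when the application code forgets a WHERE clause. The table names, the `app.user_id` session setting, and the `app_rw` role are assumptions made for the example.

```sql
-- Constructed schema for the example: companies, memberships, documents.
CREATE TABLE companies (
  id   uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  name text NOT NULL
);

CREATE TABLE company_memberships (
  company_id uuid NOT NULL REFERENCES companies(id),
  user_id    uuid NOT NULL,
  role       text NOT NULL CHECK (role IN ('member', 'admin')),
  PRIMARY KEY (company_id, user_id)
);

CREATE TABLE documents (
  id         uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  company_id uuid NOT NULL REFERENCES companies(id),
  title      text NOT NULL,
  status     text NOT NULL DEFAULT 'intake'
);

-- Assumption: the application sets the caller's id per transaction with
--   SET LOCAL app.user_id = '<uuid>';
-- current_setting(name, true) returns NULL instead of raising when the
-- setting is absent, so a request with no user context sees zero rows
-- rather than every row.
CREATE OR REPLACE FUNCTION app_user_id() RETURNS uuid
LANGUAGE sql STABLE AS $$
  SELECT nullif(current_setting('app.user_id', true), '')::uuid
$$;

-- Enable RLS and make it apply to the table owner as well.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- Read policy: a row is visible only if the caller is a member of its company.
CREATE POLICY documents_member_select ON documents
  FOR SELECT
  USING (EXISTS (
    SELECT 1 FROM company_memberships m
    WHERE m.company_id = documents.company_id
      AND m.user_id = app_user_id()));

-- Write policy: USING gates which rows can be updated/deleted, WITH CHECK
-- stops a member from inserting, or re-pointing, a row into a company they
-- do not belong to.
CREATE POLICY documents_member_write ON documents
  FOR ALL
  USING (EXISTS (
    SELECT 1 FROM company_memberships m
    WHERE m.company_id = documents.company_id
      AND m.user_id = app_user_id()))
  WITH CHECK (EXISTS (
    SELECT 1 FROM company_memberships m
    WHERE m.company_id = documents.company_id
      AND m.user_id = app_user_id()));

-- Members may only read their own membership rows.
ALTER TABLE company_memberships ENABLE ROW LEVEL SECURITY;
ALTER TABLE company_memberships FORCE ROW LEVEL SECURITY;
CREATE POLICY memberships_self ON company_memberships
  FOR SELECT USING (user_id = app_user_id());

-- The application connects as a role that cannot bypass RLS.
CREATE ROLE app_rw NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_rw;
GRANT SELECT ON company_memberships TO app_rw;

-- Check (constructed ids): as a user who belongs to company A only,
-- an explicit query for company B's documents returns zero rows.
BEGIN;
SET LOCAL ROLE app_rw;
SET LOCAL app.user_id = '11111111-1111-1111-1111-111111111111';
SELECT count(*) FROM documents
 WHERE company_id = '22222222-2222-2222-2222-222222222222';  -- 0
COMMIT;
```

Two details carry most of the weight: `FORCE ROW LEVEL SECURITY` so the table owner is not silently exempt, and an application role created with `NOBYPASSRLS` so a connection-pool misconfiguration cannot turn into a cross-tenant read. The final transaction is the kind of check a reviewer can run against a staging database to confirm the boundary holds without the UI.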
Private attachment storage
Documents and related attachments are stored in private object storage with company-scoped access controls, which reduces the risk of exposing finance files outside the intended tenant.
Auditable mutations
Sensitive workflow steps such as approvals, settings changes, and export activity are designed to remain auditable so support and finance teams can reconstruct what happened.
Operational controls
Protected scheduler routes
Background processing and maintenance routes are restricted and monitored.
Optional AI with cost boundaries
AI can be enabled per company with configurable usage controls.
EU-first deployment posture
The current product plan is built around an EU-first data plane while still supporting US customers at launch from the same hosted baseline.
Legal and procurement support
Public trust material now includes privacy, terms, DPA, subprocessors, and retention pages so diligence starts from a documented baseline rather than ad hoc answers.
Frequently asked questions
How is account access managed?
Account access is provisioned by authorized administrators.
Are files public?
No. Attachments are designed for private storage with company-scoped access rules.
Can the workflow run without AI?
Yes. AI is optional, and the product keeps manual intake, review, approval, and export available when AI is off.
Need to pressure-test the control model with your team?
Security review gets easier when the product story and the implementation story line up. Use the trust pages as the starting point, then validate the workflow in a demo.