Security philosophy
Our security architecture is guided by Durga's protection principle and Kali's velocity. We embrace zero-trust design, hardware-backed encryption, immutable logging, and a defence-in-depth model that assumes breach and responds swiftly.
Tyler enclave architecture
- Segmentation: Client data, analytics, and automation workloads run in isolated FreeBSD jails with ZFS encryption, micro-firewalls, and hardware attestation.
- Envelope encryption: Secrets and records are encrypted at rest using XChaCha20-Poly1305 with HSM-backed master keys. Key rotation ceremonies occur quarterly.
- Identity federation: Multi-factor authentication with WebAuthn hardware tokens is required for every steward. Privileged sessions are time-bound and recorded.
- Client data flows: Intake forms, calculators, and insights feeds traverse mutual TLS 1.3 with certificate pinning and HTTP Strict Transport Security (HSTS) policies.
Monitoring & detection
- Continuous telemetry collected in Tyler Sovereign Analytics with anomaly detection, behavioural baselines, and guild-specific dashboards.
- Security orchestration playbooks escalate to Durga incident command within five minutes of high-severity triggers.
- Immutable audit logs stored in WORM enclaves with hourly integrity checks and Merkle tree attestations.
- Quarterly penetration testing and red team exercises coordinated with external specialists.
Incident response
- Documented runbooks aligned to NIST SP 800-61, HIPAA, GDPR, and California data breach statutes.
- RACI matrix assigns guild leads for containment, communication, legal coordination, and customer care.
- Mandatory post-incident reviews with root cause analysis, corrective action tracking, and Lakshmi celebration of responders.
- Regulator and client notifications executed within statutory timelines; encrypted status portals activated for impacted households.
Third-party governance
Vendors and custodians undergo diligence covering financial stability, SOC 2 Type II or equivalent assurance, privacy practices, and incident history. Contracts enforce zero-trust connectivity, minimum encryption requirements, and breach reporting within 24 hours.
Business continuity & resilience
- Daily encrypted backups replicated across Tyler-controlled regions with quarterly restore validations.
- Continuity plans tested semi-annually, including failover of advisory tooling, communications, and prosperity telemetry.
- Staff readiness maintained through tabletop exercises, call-tree verifications, and recovery guild rotations.
Compliance mappings
The security programme aligns with the following frameworks:
- SOC 2 Trust Services Criteria (Security, Availability, Confidentiality)
- HIPAA Security Rule safeguards for PHI received through Covered California engagements
- GDPR Article 32 security of processing obligations
- California Consumer Privacy Act (CCPA) reasonable security measures
- FINRA and SEC cybersecurity expectations for registered investment advisors
Contact the Durga security desk
Email security@vinitafinancial.com for security questionnaires, penetration test summaries, or to report a vulnerability. Responsible disclosure guidelines are published at transparency.vinitafinancial.com.
Revision cadence
The Trust Operations guild reviews this overview quarterly and after any material system change. The last review occurred August 2, 2025. Change history is preserved in the security evidence room.