Security and trust posture. EU-hosted, audited, AI-safe.
ZenTreasury runs accounting and audit evidence for finance teams at IFRS-reporting companies. The platform is built so a CFO, an external auditor, or an enterprise procurement reviewer can verify how data is handled, how AI is constrained, and how every calculation is logged.
Identity and access.
Single sign-on with domain verification. MFA available for all users; SSO orgs can enforce via their IdP.
Azure AD / Entra ID SSO with domain verification
Google Workspace and Microsoft 365 OAuth for the Free tier signup
MFA available for all users; enforced via identity provider where SSO is configured
Role-based access controls scoped per organisation and per panel
Data residency and isolation.
EU-hosted in Helsinki. Row-level security on audit-trail and redaction tables; application-layer tenant scoping across the data model.
Hosted in Helsinki, Finland; data does not leave the EU
Row-level security on audit-trail and redaction tables (lease regenerations, flow audits, termination details, indexation details, variable payments, redaction salts and map); application-layer tenant scoping (OrganizationScope) across the rest of the data model
Encrypted at rest and in transit
Audit log entries scoped by organisation and role
Compliance posture.
GDPR aligned. SOC 2 hardening in progress. Independent review of lease accounting calculations available on request.
GDPR compliant data handling and subject access workflows
SOC 2 hardening in progress
Lease accounting independently reviewed by an international audit firm against IFRS 16
Six-year retention on audit-trail and access logs
AI guardrails.
The only AI access is a read-only MCP server: it reads your data, never computes, posts, or changes it. Access is scoped, rate-limited, and logged.
Calculations and formulas are not exposed to AI; the audited accounting engine produces every number
Three-layer PII redaction with HMAC-SHA256 placeholder substitution
AI access is read-only: the MCP server exposes data, it never posts or changes it
Per-tier rate limiting on MCP tools (Sanctum auth, scoped to organisation)
Auditors verify the numbers themselves.
Your external auditor verifies every number independently. Export schedules, journal entries and reports, and recalculate them line by line. Our IFRS 16 lease accounting has been independently reviewed by an international audit firm; the full report is shared during the product walkthrough.
Procurement or security review?
We respond to vendor questionnaires, RFI sections, and architecture reviews directly. Email is the fastest path.