FIRMA is the financial operating system for operators running one entity or many. Sensitive finance work lives behind authenticated, isolated workspaces, while public marketing pages stay free of any place to enter sensitive data.
Traffic between your browser and FIRMA is served over TLS, so data in transit is encrypted.
Tenant-scoped tables are protected by PostgreSQL row-level security with FORCE ROW LEVEL SECURITY enabled, so the policies apply even to the table owner and one workspace cannot read another workspace's data, even if application code has a bug. (As with any RLS deployment, superusers and roles with BYPASSRLS are not subject to these policies, so the application does not connect as either.)
Multi-factor step-up verification is required before sensitive surfaces open, and sessions end automatically after 30 minutes of inactivity.
Security-relevant events are recorded to a FIRMA audit log retained for six years, so account activity can be reviewed after the fact.
Service credentials and keys are rotated on a disciplined schedule, and rotation is part of the incident-response process.
For eligible healthcare tenants, a BAA is available on request and must be in place before HIPAA-enabled surfaces are activated. FIRMA does not make a blanket HIPAA-compliant claim.
A SOC 2 examination is in progress. FIRMA does not present SOC 2 or HIPAA as completed compliance programs. Current status and documentation are shared through the demo and customer-success process.
FIRMA is designed around authenticated workspaces, role-aware access, and separation between public marketing pages and private finance workflows.
AI can help explain, draft, and route finance work. Posting, migration, and account-specific decisions stay review-first and evidence-aware.
The public AI Guide is for product education and business planning questions. It tells visitors not to enter bank, tax, card, payroll, password, or customer financial records.
FIRMA messaging and product design emphasize clean separation between entities, customers, documents, and finance review queues.
Financial workflows should leave context for the owner, bookkeeper, or accountant to review. The site does not promise automated professional judgment.
Public pages avoid certification, compliance, savings, and outcome claims unless accepted evidence exists and the claim is explicitly cleared.
The public FIRMA AI Guide should help buyers understand products, workflows, comparisons, migration planning, and business finance questions. Account-specific financial work belongs in controlled channels after the right scope is clear.
A SOC 2 examination is in progress. FIRMA does not present SOC 2 as a completed compliance program. Buyers can request current status through the demo process.
FIRMA does not make a blanket HIPAA-compliant claim. For eligible healthcare tenants, a BAA is available on request; the BAA must be in place and MFA verification must be active before HIPAA-enabled surfaces are activated.
Tenant-scoped data is protected with PostgreSQL row-level security using FORCE ROW LEVEL SECURITY, which applies the tenant policies to every role, including the table owner, so isolation is enforced at the database layer rather than relying on application code alone.
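The following is an added example of the database-layer isolation described above (in both the overview and this answer); it is not FIRMA's schema or code. The table name `invoices`, the session setting `app.tenant_id`, the role `app_user`, and the two tenant UUIDs are assumptions chosen for illustration.

```sql
-- Added example (not FIRMA's schema): tenant isolation with PostgreSQL
-- row-level security, as described on this page. Assumes a hypothetical
-- table "invoices", a per-connection session setting "app.tenant_id" that
-- the application sets after authenticating the workspace, and an
-- application role "app_user" (neither superuser nor BYPASSRLS, so RLS
-- actually applies to it).

CREATE ROLE app_user NOLOGIN;

CREATE TABLE invoices (
    id        bigserial     PRIMARY KEY,
    tenant_id uuid          NOT NULL,
    amount    numeric(12,2) NOT NULL,
    memo      text
);

ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner bypasses its own policies. With FORCE,
-- the owner is policy-bound too, so a migration or admin script that runs
-- as the owner cannot accidentally read or write across tenants either.
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- One policy, applying to all roles (the default TO PUBLIC). USING filters
-- what is visible; WITH CHECK rejects writes that would land in another
-- tenant. NULLIF(...) matters: once a custom setting has been used in a
-- session and then reset, current_setting(..., true) returns '' rather than
-- NULL, and ''::uuid would raise an error instead of matching nothing.
CREATE POLICY invoices_tenant_isolation ON invoices
    FOR ALL
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Least privilege for the application role: row access only, no DDL.
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_user;
GRANT USAGE, SELECT ON SEQUENCE invoices_id_seq TO app_user;

-- Constructed sample data for two tenants. Because FORCE is on, even the
-- owner must scope each insert to the tenant it writes for.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO invoices (tenant_id, amount, memo)
VALUES ('11111111-1111-1111-1111-111111111111', 120.00, 'tenant A invoice');
COMMIT;

BEGIN;
SET LOCAL app.tenant_id = '22222222-2222-2222-2222-222222222222';
INSERT INTO invoices (tenant_id, amount, memo)
VALUES ('22222222-2222-2222-2222-222222222222', 80.00, 'tenant B invoice');
COMMIT;

-- Simulated application bug: the query forgets "WHERE tenant_id = ...".
-- The USING clause still restricts the result to tenant A's rows.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
SELECT id, tenant_id, amount, memo FROM invoices;
COMMIT;

-- Simulated application bug: a write carrying another tenant's id.
-- The WITH CHECK clause rejects the new row.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO invoices (tenant_id, amount, memo)
VALUES ('22222222-2222-2222-2222-222222222222', 1.00, 'cross-tenant write');
ROLLBACK;

-- Unscoped session (setting unset or empty): the predicate compares against
-- NULL, which is never true, so the query falls through to no rows rather
-- than to every tenant's rows.
SELECT count(*) FROM invoices;
```

The deliberate choice here is a default-deny posture: a connection that has not declared its tenant sees nothing, a connection that has sees only its own tenant, and the table owner gets no exemption. The remaining trust boundary is the code path that sets `app.tenant_id` from the authenticated workspace, which is why it belongs in the connection setup rather than in individual queries.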
No. The public AI Guide is for education and product routing only. Do not enter bank, tax, payroll, card, password, or private customer financial records.
No. FIRMA can support finance workflows and owner review, but it does not replace professional accounting, tax, legal, payroll, or compliance judgment.
For product security questions, implementation scope, or vendor review materials, request a demo and LUCA will route the conversation to the right owner.