Trust Center

Enterprise-Grade Security

Enterprise-Grade Security

At Concluded, we are committed to protecting the confidentiality and integrity of your data. While we are not yet SOC 2 compliant, we rely exclusively on secure, industry-leading platforms like Google Cloud Platform (GCP), Typeform, and other trusted third-party tools. These services are held to the highest security standards, with certifications including SOC 2, ISO 27001, and GDPR compliance, helping ensure your data remains safe and protected.

Overview

Security is foundational to everything we build at Concluded. As a fintech company modernizing business valuations and SBA lending workflows with AI-powered tools, we understand the importance of earning and maintaining your trust.

Our approach is guided by the following principles:

  • Privacy and Transparency: We uphold clear, transparent privacy practices and are committed to protecting your data.

  • Best-in-Class Infrastructure: We build on secure platforms trusted by leading financial institutions worldwide.

  • Proactive Security: We continuously assess risks, refine protocols, and invest in processes that keep your data secure.

Infrastructure

We use globally recognized vendors with strong security track records:

Google Cloud Platform (GCP)

  • Certifications: SOC 1, SOC 2, SOC 3, ISO 27001, PCI DSS, GDPR

  • Features: Secure access controls, encryption at rest and in transit, real-time monitoring

Typeform

  • Certifications: ISO 27001, GDPR

  • Features: Secure data handling and encrypted form submissions

These platforms are relied upon by financial institutions, healthcare providers, and global enterprises for their security and reliability.

Core Principles

Employee Security Training
 Every Concluded employee completes security training during onboarding and annually. Team members follow strict protocols including strong password policies, 2FA, and secure VPN access for remote work.

Endpoint Security
 All company devices are protected with disk encryption, malware protection, and up-to-date firewalls. We enforce regular security patching and compliance audits.

Code Security
 We use peer-reviewed code, version control, and continuous integration tools. Only authorized personnel can deploy to production environments.


Data Protection & Privacy

We classify data by sensitivity to ensure proper controls at every level:

  • Confidential Data: Customer financials and proprietary deal data, protected by strict access control and encryption

  • Internal Data: Concluded’s proprietary software and algorithms, safeguarded through role-based access and secured systems

  • Public Data: Non-sensitive information intended for general visibility

All customer data is encrypted both in transit and at rest using industry-standard protocols (e.g., TLS and AES-256).


Monitoring & Incident Management

Security Monitoring
 We use automated monitoring tools to detect suspicious activity, audit system access, and assess vulnerabilities in real-time.

Incident Response
 If an issue arises, our security team follows a structured incident response protocol:

  • Identify and assess the incident

  • Contain and mitigate impact

  • Notify affected parties when appropriate

  • Implement solutions to prevent future occurrences


Vulnerability Management

Our vulnerability management program includes:

  • Frequent system scans for weaknesses and misconfigurations

  • Prioritized remediation of security findings

  • Independent penetration testing from third-party security experts


Our Commitment to You

At Concluded, we serve banks, SBA lenders, and financial institutions that demand the highest standards of trust and data integrity. We are actively working toward SOC 2 compliance and continue to invest in the infrastructure, training, and controls needed to protect your business.

For questions or more details about our security posture, please contact us at info@concluded.com.