Security built into the foundation
Not bolted on after the fact. Every architectural decision in TidalCap was made with fiduciary responsibility in mind.
Enterprise-Grade Infrastructure
TidalCap runs on infrastructure that holds SOC 2 Type II certification, a third-party audit standard covering availability, confidentiality, and security. That certification belongs to the underlying infrastructure provider, not to TidalCap as an independent entity. The architectural controls TidalCap enforces, including data isolation and encryption, are built on top of that certified foundation.
The security controls TidalCap enforces, including row-level data isolation and encryption at rest and in transit, are in place and operational today.
Data Isolation at the Core
Investor data isolation is built into the foundation of TidalCap, not added later. Every record is tagged to the correct owner, and that ownership is enforced at the deepest level of the platform.
This means every investor's information is protected and private on every interaction. An LP cannot access another LP's data. An account rep cannot see clients assigned to other reps. This isolation is automatic and guaranteed.
What this means in practice
Your investors log in and see only their own portfolio: their investments, their documents, their performance. Nothing else. Your account reps see only their assigned clients. Firm leadership sees the complete picture across all funds. Each view is consistent, reliable, and complete.
Four layers of protection
Role-Based Access
Every user is assigned a role at the database level. LP, account rep, and admin roles each have explicitly defined permissions. A user can only ever access what their role permits.
Row-Level Enforcement
Access is scoped not just by role but by the specific records that belong to that user. An account rep sees only their assigned clients. An LP sees only their own investments. This is enforced on every single query, automatically, at the database engine level, not in application logic.
Full Audit Trail
Every insert, update, and delete across all critical tables is automatically logged with a timestamp, the action taken, and what changed. If a question ever arises about who accessed what and when, the answer is in the system.
Data Encryption
All investor data is encrypted at rest using AES-256 and in transit using TLS. Data never travels unencrypted between the database, the server, and the client.
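The role-based and row-level layers described above can be sketched as follows. This is an added example, not TidalCap's own code: the page does not name its database engine, so PostgreSQL row-level security is assumed, and the table, role, policy, and `app.user_id` setting names are hypothetical.

```sql
-- Added illustration; PostgreSQL syntax. All names below are assumed.
-- Run as a superuser in a scratch database.
CREATE ROLE lp NOLOGIN;
CREATE ROLE account_rep NOLOGIN;
CREATE ROLE firm_admin NOLOGIN;

CREATE TABLE investments (
    id         bigserial PRIMARY KEY,
    lp_id      text NOT NULL,           -- owning investor
    rep_id     text NOT NULL,           -- assigned account rep
    fund       text NOT NULL,
    amount_usd numeric(14,2) NOT NULL
);

-- Constructed sample rows, loaded before RLS is switched on.
INSERT INTO investments (lp_id, rep_id, fund, amount_usd) VALUES
    ('lp-1', 'rep-a', 'Fund I',  250000),
    ('lp-2', 'rep-a', 'Fund I',  500000),
    ('lp-3', 'rep-b', 'Fund II', 100000);

-- Role layer: table privileges are granted per role.
GRANT SELECT ON investments TO lp, account_rep, firm_admin;

-- Row layer: once RLS is enabled, a role with no matching policy sees nothing.
ALTER TABLE investments ENABLE ROW LEVEL SECURITY;
ALTER TABLE investments FORCE ROW LEVEL SECURITY;  -- table owner is not exempt

CREATE POLICY lp_own_rows ON investments FOR SELECT TO lp
    USING (lp_id = current_setting('app.user_id', true));
CREATE POLICY rep_assigned_rows ON investments FOR SELECT TO account_rep
    USING (rep_id = current_setting('app.user_id', true));
CREATE POLICY admin_all_rows ON investments FOR SELECT TO firm_admin
    USING (true);

-- LP session: the same unfiltered query is limited to lp-1's own rows.
BEGIN;
SET LOCAL ROLE lp;
SET LOCAL app.user_id = 'lp-1';
SELECT lp_id, fund, amount_usd FROM investments;
COMMIT;

-- Rep session: limited to the clients assigned to rep-a.
BEGIN;
SET LOCAL ROLE account_rep;
SET LOCAL app.user_id = 'rep-a';
SELECT lp_id, fund, amount_usd FROM investments;
COMMIT;
```

If `app.user_id` is not set, `current_setting(..., true)` yields NULL or an empty string, the policy predicate is not true, and the query returns no rows. In PostgreSQL, superusers and roles with `BYPASSRLS` are not subject to these policies, so application connections should use neither.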
Questions about security?
We're happy to walk through the architecture in detail. References from firms currently on the platform are available on request.