Security & compliance
Security is the product.
A platform that holds the full financial picture of families and their advisors has no room for “trust us”. So we show it. Live.
Certifications & frameworks
GDPR
Bonafi is built and operated under the GDPR. EU data residency, documented processing, data processing agreements with every client, and sub-processor transparency.
ISO 27001 · 27017 · 27018
Our information security management system follows the ISO 27000 family: 27001 for information security management, 27017 for cloud security, and 27018 for the protection of personal data in the cloud. We pursue all three because the financial data we hold deserves the full standard. Certification is in the audit process; our controls are continuously monitored.
Follow our controls live.
Our Trust Center shows the real-time status of our security controls, our sub-processors, and our policies. No snapshots, no claims. The current state, always.
How we build
European by architecture.
Data stored and processed in the EU. AI runs on European infrastructure with no-training commitments from every provider.
Encryption everywhere.
In transit and at rest, on every layer.
Access follows responsibility.
Role-based access for clients, advisors and relationship managers. Every action logged.
Humans in the loop.
No figure becomes part of the record without review. The approval queue is architecture, not a feature.