The short version: Your fund data lives in your Microsoft Dataverse instance. We never store it. Our AI endpoint processes text in transit and discards it immediately. Every risk decision requires a named human approver. The audit trail is immutable.
Data sovereignty
The Trust & Risk Engine is a Power Platform–native application deployed into your Microsoft 365 tenant. All data — claim records, evidence items, approval decisions, taxonomy configuration, audit logs — is stored in your Microsoft Dataverse instance.
This is a deliberate architectural choice. Your fund data is yours. It never moves to Dollarbaz-owned infrastructure. You control access, backup, and retention. If you end your subscription, your data remains intact in your environment — there is nothing to “export” because it was never in our possession.
- All claim records stored in your Dataverse — not our servers
- Evidence documents stored in your Microsoft 365 environment
- Approval decisions and audit trail rows in your Dataverse tables
- Role-based access governed by your Azure Active Directory groups
AI architecture & data handling
The AI capabilities in the platform — claim extraction, CT/ET classification, evidence checklist generation, and risk scoring — are provided by a stateless REST endpoint hosted on Microsoft Azure infrastructure.
What the AI endpoint receives
When a claim is submitted for extraction, the Power Automate flow sends the relevant text (from a fund document, factsheet URL, or pasted content) to the AI endpoint as part of an HTTPS request.
What the AI endpoint does not do
- Does not store the submitted text after processing
- Does not log fund-specific content to any persistent store
- Does not retain any data between requests
- Does not use your fund data to train or fine-tune models
What happens to the output
The AI endpoint returns structured JSON — claim classifications, evidence checklists, risk scores, and flag explanations — to the Power Automate flow. That flow writes the result to your Dataverse tables. The response payload is not stored anywhere else.
The AI endpoint is stateless by design. It holds no memory of previous requests. Each request is independent and produces no side effects beyond the JSON response.
Human-in-the-loop design
Every risk decision in the platform requires a named human approver. This is architecturally enforced — it is not a configuration option that can be toggled off.
- AI provides extraction, classification, and a risk score
- A named compliance approver reviews the claim, evidence, and score
- The approver takes an explicit action: Approve, Reject, or Request changes
- The approval decision is recorded with the approver’s identity, timestamp, and any notes
- Only approved claims generate a locked audit pack entry
This design means that even if the AI makes a classification error, it cannot result in an approved, audit-ready claim without a human reviewing and accepting responsibility. The governance chain is intact regardless of AI accuracy.
Infrastructure
The platform components and their hosting locations are as follows:
- Power Apps canvas app — hosted in your Microsoft 365 tenant, served from Microsoft’s regional infrastructure
- Power Automate flows — running in your tenant, orchestrated by Microsoft’s Power Platform infrastructure
- Dataverse tables — in your tenant, region determined by your M365 tenant location
- AI endpoint — hosted on Azure, EU region, stateless
- Authentication — Supabase (EU region) for Dollarbaz account management; Azure AD for platform access within your tenant
- Dollarbaz website and marketing — hosted on Vercel (EU region)
Access control
Access to the platform within your environment is governed by Microsoft Azure Active Directory and Dataverse role-based access control. We configure the following roles during onboarding:
- Drafter — can submit claims and upload evidence; cannot approve
- Reviewer — can comment and request changes; cannot give final approval
- Compliance Approver — can give final approval; approval is recorded with identity
- Administrator — can configure taxonomy, manage users, export audit packs
- Read Only — can view records; cannot take any action
Access to Dollarbaz’s own infrastructure — including the AI endpoint and account management systems — is restricted to Dollarbaz engineering staff and governed by least-privilege access controls, MFA, and audit logging.
Audit log integrity
Every action taken in the platform generates an immutable audit log entry in Dataverse. Log entries include:
- Action type (claim created, evidence uploaded, approval given, etc.)
- Actor identity (Azure AD user ID and display name)
- Timestamp (UTC, millisecond precision)
- Record version — what the record contained at the time of the action
- IP address where available
Audit log rows are append-only. Neither platform users nor Dollarbaz can edit or delete audit log entries. This is enforced at the Dataverse table level via security roles that grant create access only — no update or delete.
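To make the two guarantees above concrete (a named Compliance Approver gate from the human-in-the-loop section, and create-only audit rows carrying actor, UTC millisecond timestamp and record version), here is an added illustrative model in Python; it is not Dollarbaz's or Dataverse's code. The user IDs, role mapping and claim values are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
import json

# Constructed sample of the platform roles; only a Compliance Approver may give final approval.
ROLES = {"alice": "Drafter", "bob": "Reviewer", "carol": "Compliance Approver"}
DECISIONS = ("Approve", "Reject", "Request changes")


@dataclass(frozen=True)  # frozen: a row cannot be edited once created
class AuditEntry:
    action: str
    actor_id: str
    timestamp_utc: str
    record_version: str  # JSON snapshot of the record at the time of the action


class AppendOnlyAuditLog:
    """Models a create-only security role: rows can be added and read, never updated or deleted."""

    def __init__(self):
        self._rows = []

    def append(self, action, actor_id, record):
        entry = AuditEntry(action, actor_id,
                           datetime.now(timezone.utc).isoformat(timespec="milliseconds"),
                           json.dumps(record, sort_keys=True))
        self._rows.append(entry)
        return entry

    def rows(self):
        return tuple(self._rows)  # a copy: callers cannot mutate the log through it

    def __setitem__(self, *_):
        raise PermissionError("audit log rows are append-only: update denied")

    def __delitem__(self, *_):
        raise PermissionError("audit log rows are append-only: delete denied")


def record_decision(log, claim, approver_id, decision, notes=""):
    """Human-in-the-loop gate: a locked audit pack entry exists only after an explicit
    Approve by a named Compliance Approver; the AI score alone never produces one."""
    if ROLES.get(approver_id) != "Compliance Approver":
        raise PermissionError(f"{approver_id!r} is not a named Compliance Approver")
    if decision not in DECISIONS:
        raise ValueError(f"unknown decision {decision!r}")
    decided = {**claim, "decision": decision, "approver": approver_id, "notes": notes}
    entry = log.append("approval given", approver_id, decided)  # every decision is logged
    if decision != "Approve":
        return None
    return {"claim_id": claim["id"], "approver": approver_id,
            "approved_at": entry.timestamp_utc, "record_version": entry.record_version}
```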
Subprocessors
The following subprocessors are used in delivering the Service:
- Microsoft Azure — AI endpoint hosting (EU region). Processing: stateless text inference only. No data retained.
- Microsoft Power Platform / Dataverse — deployed in your tenant. Microsoft is your processor in this context, not ours. Governed by your Microsoft agreements.
- Supabase — account and authentication data for the Dollarbaz web interface (EU region). GDPR-compliant, SOC 2 Type II certified.
- Stripe — payment processing. PCI DSS Level 1. No fund data involved.
- Vercel — website and marketing hosting (EU region). No fund data processed.
We maintain written agreements with all subprocessors that include GDPR-compliant data processing terms. We will notify customers of material subprocessor changes with at least 30 days’ advance notice.
Security testing
We conduct regular security reviews including:
- Automated dependency vulnerability scanning on every deployment
- Regular manual review of authentication and access control logic
- Penetration testing of the AI endpoint and web interfaces at least annually
If you discover a potential security vulnerability in our systems, please report it responsibly to security@dollarbaz.com. We commit to acknowledging reports within 2 business days and to keeping reporters informed of remediation progress.
Incident response
In the event of a security incident that may affect customer data, we will:
- Investigate and contain the incident as promptly as possible
- Notify affected customers within 72 hours of becoming aware of a personal data breach
- Notify the relevant supervisory authority where required under GDPR or UK GDPR within 72 hours
- Provide a full incident report on request following remediation
Note that because your fund data lives in your Microsoft tenant, a breach of Dollarbaz infrastructure does not by itself constitute a breach of your fund data. The blast radius of a Dollarbaz-side incident is limited to account metadata and billing information.
Data Processing Agreement
A Data Processing Agreement (DPA) is available to all customers on request. The DPA incorporates standard contractual clauses as approved by the European Commission for transfers of personal data outside the EEA, and equivalent UK addenda for UK transfers.
To request a DPA, contact us at legal@dollarbaz.com.
Security contact
For security questions, vulnerability reports, or DPA requests:
security@dollarbaz.com — vulnerability reports and security questions
legal@dollarbaz.com — DPA requests and legal data protection matters
privacy@dollarbaz.com — individual rights requests and GDPR matters