Full auditability, every AI interaction is logged with a unique trace_id. To provide this transparency, AI Interaction traces are captured by our central observability platform (Langfuse), hosted securely in the US.

No Black Box AI. All AI outputs are fully traceable to their originating data, with transparent reasoning steps and justifications included for every insight generated. Each customer’s data and context are processed in isolation, ensuring insights are explainable and auditable — never mixed across clients. Detailed observability is maintained for every AI interaction, so you always know how and why each decision is made.

Aligned with ISO/IEC 42001 (AI Governance) and ISO/IEC 27001 (Information Security).Prepared for the upcoming EU AI Act, helping ensure our solutions remain low-risk for financial services.

GSmart employs a comprehensive Zero Trust Security Architecture, anchored by Azure Managed Identity. This approach eliminates risks from hardcoded credentials and enforces strict role-based access controls(RBAC). All resources and interactions are continuously authenticated and validated. This principle of least privilege ensures is used to cause systems to have only the minimum access necessary, significantly reducing the attack surface and enhancing security resilience. All interactions are meticulously logged and monitored, enabling swift detection and response to any anomalies or unauthorized access attempts.

Agentic capabilities in GSmart are securely constrained within customer-defined boundaries. Agents interact solely with customer-specific, isolated datasets and do not utilize or train on information from other clients. Each agent operates under stringent permission sets, with comprehensive auditability, and system-defined security guardrails, empowering users to innovate safely and confidently without sacrificing data privacy or control.

GSmart employs rigorous, multi-layered security testing integrated into GTreasury’s CI/CD pipelines. This includes proactive “red team” testing against carefully curated golden datasets — validating inputs and outputs of prompts, comprehensive static and dynamic security scans on all code, and systematic benchmarking of AI models for vulnerabilities, compliance, and performance.

All data is encrypted using advanced cryptographic standards. Data in transit is secured via TLS 1.2+ protocols, employing modern cipher suites such as AES-GCM,ECDHE, and SHA-384 hashing algorithms. Data at rest utilizes AES-256 encryption, with key management rigorously controlled and regularly rotated per Azure’s enterprise-grade standards. Our encryption practices fully align with SWIFT Customer Security Controls Framework (CSCF).

Active evaluation of AI use cases against the EU AI Act framework to ensure compliance and maintain low-risk classification.

Same idea, but enforced with Inference-Only AI policies, supported by audit logs and verification mechanisms.

Clients have full control over AI capabilities through feature flags and can restrict which datasets are accessible for AI processing.

Client data at rest is always stored exclusively within your selected region (e.g., US, EU, APAC). For AI processing, EMEA and North America clients have both data storage and AI inference within their region. For APAC and other regions, AI processing is securely routed to US infrastructure where data is handled transiently - processed in-memory only and automatically purged upon completion. All data is encrypted in transit with no retention or reuse of prompts or outputs for model training, ensuring no permanent cross-region data storage occurs.