Security & data protection

The security review, before you ask.

Discentra detects behavioural triggers and places an AI coaching call to your traders within 5 seconds. This page covers what we collect, what we never touch, who processes it, and what happens when something goes wrong. Coaching, not financial advice.

What we collect, and what we never touch

Scope is the first security control. The behavioural engine runs on six fields and nothing else.

Collected

  • Pseudonymised trader ID
  • Trade timestamps
  • P&L per trade
  • Trade size
  • Instrument symbol
  • Phone number, field-level encrypted

Never collected

  • Account balances
  • Net worth
  • Government IDs
  • Card numbers
  • Home addresses

Encryption and data handling

The defaults your DPA will hold us to.

Recordings

Every call recording is encrypted with AES-256-GCM.

Phone numbers

Field-level encrypted, and deleted within 30 days of a trader leaving the cohort.

In transit

TLS on every connection between your platform and Discentra.

Retention

90-day default for recordings, transcripts, and SMS logs. Up to 7 years where FCA or ASIC clients require it.

Erasure

GDPR erasure requests completed within 30 days.

Residency

EU-region database provisioned per client engagement. Trader data never sits in general business tooling.

Compliance, signed and maintained

A signed governance suite, reviewed on a schedule and available under NDA.

Data protection impact assessment

Processing risks assessed and mitigated, with a standing review date.

Record of processing activities

Every processing activity and sub-processor on the record.

EU AI Act Article 50 assessment

Disclosure obligations mapped. Every call announces that it is AI.

Transfer impact assessment

Cross-border transfer routes assessed and documented.

Information security policy

MFA on every account, device security, key handling, access registers.

Breach-response runbook

A documented incident protocol with a 72-hour ICO notification path.

Data retention schedule

Retention periods and deletion methods, defined per data class.

  • ICO registration ZC108503
  • Company No. 16098798 (United Kingdom)
  • GDPR-aligned processing

A DPA is signed before any data transmission.

Trader consent is collected before any call, SMS, or recording.

A crisis escalation contact is a hard prerequisite. No deployment without one.

Every call includes an AI disclosure, per EU AI Act Article 50.

Infrastructure and sub-processors

Who touches trader data, and whose certificates they hold.

Retell AI

Voice platform

SOC 2 Type II certified. HIPAA and GDPR compliant. Runs on AWS infrastructure. Zero-data-retention agreements with OpenAI, ElevenLabs, and Anthropic.

Supabase

Database

ISO 27001 certified. The certificate is held by Supabase, not by Discentra. EU-region hosting, daily backups, point-in-time recovery.

Model layer

LLM, via Retell

GPT-4.1 primary with Claude as fallback, orchestrated through Retell under zero-data-retention with every model provider.

Twilio

Telephony

SOC 2 Type II for voice. ISO 27001, PCI DSS, HIPAA, and GDPR compliant. Phone numbers stay inside production-data controls.

These certifications belong to the vendors named above, not to Discentra. Our own assurance is the signed governance suite and the DPA that binds it. The full sub-processor list ships with the DPA.

Built for breach

Zero-trust design for an AI agent that handles trader data on behalf of regulated firms.

Never trust, always verify

Every access request is authenticated and authorised, regardless of origin.

Assume breach

The platform is designed to contain damage when a compromise occurs, not only to prevent one.

Least agency

Each agent receives the access its function requires, and nothing more.

The design test for every control: does it make an attack impossible, or only tedious? We prefer removing a capability over slowing an attacker down.

Least agency in practice

The voice agent can place a coaching call and write call records for its own tenant. It holds no send or delete rights on unrelated systems and no cross-tenant access.

Per-tenant isolation

Multi-tenant isolation seals each client off from every other client. Identity-based first, with network segmentation as the backstop.

Append-only audit trail

Every agent action is logged with agent identity, timestamp, and the trigger that fired it. Each coaching call traces back to its cause, which supports EU AI Act explainability and 7-year retention where FCA or ASIC clients require it.

Short-lived credentials

Service access uses short-lived, scoped tokens with automatic refresh. Static API keys do not exist in production. MFA is enforced on every human and administrative account.

Untrusted input, by default

Trader SMS replies are treated as untrusted input and validated before they can influence the agent. Output filtering and the coaching-not-advice boundary are enforced in the architecture, with crisis detection and jailbreak blocking at the voice layer.

Discentra builds the production platform per client engagement. The governance suite above is signed and operational today. Platform controls are designed in and delivered with the build at your tier, and in diligence we mark which is which.

Frequently asked questions

Production trader data lives in a Supabase EU-region database provisioned for your engagement, with daily backups and point-in-time recovery. Voice processing runs through Retell AI on AWS infrastructure under zero-data-retention agreements with the model providers. Telephony runs through Twilio. Trader data is never stored in general business tooling.

No, and we will not blur that line. ISO 27001 belongs to Supabase, the database sub-processor. SOC 2 Type II belongs to Retell AI, the voice platform, and to Twilio for telephony. Discentra's own assurance is a signed and maintained governance suite: data protection impact assessment, record of processing activities, EU AI Act Article 50 assessment, transfer impact assessment, information security policy, breach-response runbook, and data retention schedule, plus ICO registration ZC108503. The full pack is available under NDA.

Six fields: a pseudonymised trader ID, trade timestamps, P&L, trade size, instrument symbol, and a phone number that is field-level encrypted. Discentra never collects account balances, net worth, government IDs, card numbers, or home addresses.

Your platform sends trade events over a REST API or WebSocket. Every request is authenticated at the gateway with JWT or API-key auth, encrypted in transit with TLS, and scoped to your tenant. Inside the platform, agents run on short-lived scoped credentials, and every action lands in an append-only audit log.

A documented breach-response runbook is operational today, with a 72-hour ICO notification path and client notification obligations written into the DPA. The architecture assumes breach: per-tenant isolation and least-agency scoping exist to limit how far a compromise can reach.

Discentra is ICO-registered (ZC108503) and processes trader data under a signed data protection impact assessment and record of processing activities. A DPA is signed before any data transmission. Trader consent is collected before any call, SMS, or recording. Erasure requests complete within 30 days, and default retention is 90 days, extending to 7 years where FCA or ASIC rules require it.

Put this page in front of your security team.

The signed documentation pack, DPIA to breach runbook, is available under NDA. Bring the questionnaire.