Built for the data RIAs cannot afford to lose.
Zeplyn handles client meeting transcripts, advisor notes, and compliance records. This page is the working answer to RIA compliance officer and IT procurement questions.
Data handling
Meeting transcripts and advisor-approved records are stored encrypted at rest with AES-256 and in transit with TLS 1.2 or higher. Customer data is logically isolated per firm tenant. Zeplyn never trains shared models on customer transcripts; firm-specific fine-tuning is done in a tenant-scoped pipeline with explicit firm consent.
Access control
Zeplyn supports SSO via SAML 2.0 and OIDC, with role-based access for advisors, compliance officers, and operations staff. Audit logs cover every record view, edit, and approval. Access tokens are short-lived; refresh requires re-authentication on schedule.
Compliance posture
SOC 2 Type II audit is in progress with a planned report date in Q3 2026. Output templates are reviewed against FINRA Rule 4512, SEC Reg BI, and Form ADV Part II documentation requirements before each release ships to customers. Records can be retained for 5 or 7 years as required per SEC Rule 17a-4, with automated deletion schedules for records past their retention window.
Encryption
AES-256 at rest, TLS 1.2+ in transit, key rotation every 90 days.
Tenant isolation
Logical isolation per firm; no cross-tenant model training without explicit firm consent.
Access control
SSO via SAML 2.0 and OIDC. Role-based permissions. Full audit log per record.
Reach out for the security packet
For SIG Lite questionnaires, vendor security reviews, or a copy of our current SOC 2 status letter, email [email protected]. We typically reply within one business day.