← Security
PREZENTDCompliance Summary

Security & compliance, on one page.

A diligence summary advisors can hand to their OSJ or compliance department. Every statement below is current; the authoritative source documents — SOC 2 Type II report, System Description, and policies — live in the Trust Center linked at the bottom.

Company & Platform

Product
PREZENTD — the deliverable workspace for advisory and planning firms.
Operated by
CW Frontier Innovations LLC. PREZENTD is one of three products on the same audited platform and shared infrastructure vendors.

Certifications

SOC 2 Type II
PREZENTD is built on the CW Frontier Innovations platform, which maintains SOC 2 Type II compliance, with real-time monitoring via Vanta. PREZENTD is governed by these same audited security and privacy controls. The SOC 2 Type II report and System Description are available in the Trust Center.

AI Data Handling

No model training
Customer content is not used to train AI models. Customer-content AI requests are routed through ZDR-only (zero data retention) provider endpoints that do not retain prompts or responses.
Gateway guardrails
Before customer content reaches a model, the AI gateway applies prompt-injection detection and redaction for common sensitive-data patterns (SSNs, card numbers, IP addresses).

Data Residency

United States
Production infrastructure and managed storage are hosted in the United States.

Access Control

Who can access firm data
Access is restricted to authenticated members of the firm's own workspace, governed by organization-scoped controls and database-level (row-level security) tenant isolation. Authentication is handled by Clerk; client content is not used for model training or shared with third parties beyond the ZDR AI providers required to deliver the service.

Retention & Deletion

Source files
Uploaded source files are used to generate the deliverable and are not retained as original files.
Export & deletion
Customers can export their deliverables at any time. On cancellation, workspace data is deleted on request — no extended holding window.

Breach Notification

Within 72 hours
A defined incident-response process; affected customers are notified within 72 hours of a confirmed breach affecting their data, with the information needed for the firm's own regulatory obligations.

AI Scope & Human Oversight

What is genuinely AI
LLMs draft narrative, generate deliverable content, and apply firm voice. Template refills, field edits, and brand application are deterministic and do not call a model.
Human in the loop
PREZENTD drafts and assembles deliverables; it does not send anything to clients. Every client-facing deliverable passes through advisor review and approval. The firm remains responsible for review, supervision, and recordkeeping under its own policies.

Encryption & Sharing

Encryption
Customer data is encrypted in transit and at rest across production infrastructure and managed storage.
Client links
Shared presentation links use encrypted, time-bound, revocable tokens and are served with no-cache, no-index, and no-referrer protections.