Security
Data · EU
Data in Europe. Decisions traceable.
Vantnod's trust is not built on a single promise at the bottom of a page. It is built on visible product detail: who can see what, which source the information rests on, what Noa suggests, who confirms the decision, and what trace the work leaves.
Financial data is too important to be a black box. Vantnod is built so that data, roles, sources, changes, and approvals stay separable and verifiable.
Security is not just a technical layer. It is part of the experience.
Trust primitives
01 / 09
Security shows up before data moves.
Vantnod's security model starts before the first report, suggestion, or approval. The user has to understand who is acting, with what right, on which source, and where a decision requires human confirmation.
- [01]
Data
EU-first processing and storage designed for European financial data.
- [02]
Roles
Access is based on the task, not just on having an account.
- [03]
Sources
A record, suggestion, or note links back to a transaction, document, or receipt.
- [04]
Decisions
Approvals, changes, and user actions leave a verifiable trail.
- [05]
Noa
AI suggestions are kept separate from human decisions.
Noa & AI
02 / 09
Noa suggests. Humans decide.
Noa is built to assist financial interpretation, not to hide decisions inside automation. AI on financial data is only useful if the user can see what a suggestion is based on and what happens next.
- [01]
Noa raises a flagSuggestion
Noa can raise a flag, suggest an explanation, or help the user understand a change.
- [02]
Bound to evidenceSource
A suggestion must link to verifiable information: a transaction, invoice, receipt, report, or the user's own context.
- [03]
Human confirmsBoundary
Noa must not be an invisible decision-maker. When an action has financial impact, the user's role and approval are part of the model.
- [04]
Layers stay separableTrail
The AI suggestion, the human approval, and the final change stay separable from each other.
Roles and rights
03 / 09
The right view for the right person.
Financial work is not the same for everyone. A founder needs the whole picture. A team member may only need the view for their task. An accountant needs verifiable material. An external partner may need limited access to one thing only.
- [01]
Owner
Sees the company's whole picture, manages users, and is responsible for key decisions.
- [02]
Team
Sees and does only what relates to their task.
- [03]
Accountant or finance partner
Needs sources, approvals, and material in a verifiable form.
- [04]
External user
Access is scoped to the situation. Not everyone needs the full finance view.
Audit trail
04 / 09
Every decision keeps a route back to the source.
Audit cannot be a PDF you hunt for later or a detached log you find only when something goes wrong. It has to be born during the work itself. When the user approves, changes, or checks financial data, Vantnod has to show where it came from, who acted, what changed, and when.
- Source
- Which document, transaction, or receipt is this information linked to?
- Actor
- Who made the change, approval, or check?
- Role
- On what right did the user act?
- Time
- When did the change happen?
- Change
- What changed relative to before?
- Decision
- Was it a Noa suggestion, a human approval, or the user's own action?
Example row (illustrative)
2026-06-09 14:02 · Noa suggested · human approved · entry #-
Data and storage
05 / 09
An EU-first model for financial data.
Vantnod is built for European company and financial data. What matters is not only where the data sits, but also how it is accessed, who uses it, how changes are recorded, and how the user can understand the flow.
- [01]
Storage
Financial data storage is designed EU-first.
- [02]
Processing
Data is processed by task and purpose.
- [03]
Access
Access is scoped by role, company, and task.
- [04]
Deletion and retention
The user gets a clear answer to what is kept, why, and for how long.
- [05]
Partners
Core technology and processing partners are described openly when they relate to the user's data.
Partners and responsibilities
06 / 09
No vague "trusted partners" fog.
Many services hide critical technology and processing roles behind generic language. Vantnod's stance is different: if a partner is materially involved in financial-data handling, payments, analytics, infrastructure, or messaging, the role has to be described in a way the user can understand.
- [01]
What does the partner do?
Infrastructure, payments, messaging, analytics, integration, or another role.
- [02]
Which data may it touch?
Financial data, user data, payment data, technical logs, or other scoped information.
- [03]
Where does the responsibility run?
What is on Vantnod, what is on the partner, and what can the user control themselves?
Before you send data
07 / 09
Start with a description, not sensitive attachments.
If you're asking whether Vantnod fits, don't send sensitive attachments in the first message. Describe the situation at a general level first: country, company form, current finance stack, and the decision that too often waits for information.
Not yet:
- personal identification numbers
- payroll data
- bank statements
- receipts or invoices
- customer lists
- accounting files
If more detailed material is needed, we agree on a secure way separately. This is part of security: not everything should move before it is clear what we are solving.
Status
08 / 09
The security model grows with the product.
Vantnod's security model evolves with the product. The security page states principles. The changelog shows what actually changes.
- Shipped
- A feature or behaviour that is in use.
- Beta
- A model in limited use that is being refined based on feedback.
- Roadmap
- An identified and planned need that is not yet complete.
- Design decision
- A product-architecture or accountability decision that guides how things are built.
Closing
Bring the financial data only after trust is clear.
Vantnod's security is built on visible responsibility: sources, roles, approvals, Noa's boundaries, and the audit trail.
You can ask, for example, where data is stored, who can access it, what Noa is allowed to suggest, how human approval is separated from the AI suggestion, how roles work with a team or an accountant, and how data is deleted or scoped.
Ask first. Bring the data only after you know how it will be handled.