Security

Last Updated: April 2026

Faraday builds governance and workflow systems for businesses. The work we do requires your trust — and we take that seriously. This page describes how we think about security, the principles that shape what we build, and what we're committed to as our products mature.

This is not a certification statement. It's a commitment document. As our security program matures, this page will grow with it.

Our Security Principles

Security at Faraday is built on four principles that shape every decision we make about how our products handle your data.

Security is a product decision, not a layer added on top.

We build controls into Faraday products from the beginning — access controls, audit trails, validation logic, and oversight mechanisms are core to what FACP, PSE, and Studio do. These aren't bolted-on features. They're how the products are designed to work.

The customer's data belongs to the customer.

We don't sell personal data. We don't share customer data with third parties for marketing or analytics outside the service providers necessary to operate our business. We process data to provide the services you've engaged us for, and for no other purpose.

We build for auditability.

Because our products govern workflows where accountability matters — accounting, payroll, compliance — we design them to produce records that stand up to review. The same discipline applies to how we operate our own business: decisions about security, access, and data handling are documented and reviewable.

We'd rather say “not yet” than overclaim.

This page does not claim certifications we haven't earned or controls we haven't implemented. When we have SOC 2 attestation, third-party audits, or specific compliance certifications, they will be named here. Until then, we'd rather be specific about what we're building than vague about what we have.

What We Focus On

Our security program is organized around four areas:

Access and identity. How we control who can access what, both inside Faraday and inside our products. Role-based permissions, authentication standards, and least-privilege design.

Data handling. How data moves through our systems, how it's stored, and how it's protected at each stage. Encryption, minimization, and retention.

Operational integrity. How we monitor for issues, respond to incidents, and keep systems running reliably. Logging, alerting, and continuity planning.

Governance and accountability. How we make security decisions, document them, and hold ourselves accountable to the standards we set. This is also what our products help customers do for their own workflows.

What This Page Will Become

As Faraday's security program matures, this page will be updated to reflect specific commitments and certifications, including:

• Third-party audit attestations (SOC 2, ISO, or equivalents)
• Data processing agreements and subprocessor disclosures
• Incident response policies and service-level commitments
• Penetration testing cadence and summary findings
• Security questionnaire responses and trust documentation

If you're evaluating Faraday for a deployment where specific security documentation is required, we'd rather have the conversation directly than commit to things on a webpage before they're real. Contact us and we'll walk you through where we are, what we're building, and how it maps to your requirements.

Working With Us

For enterprise buyers, procurement teams, or legal reviewers who need more detail on our security posture:

Email info@faradaycapitalsystems.com with the subject line “Security Review.” We'll respond with the documentation we have available and an honest assessment of gaps. We don't have a trust portal yet. We will.

Reporting a Security Issue

If you believe you've found a security vulnerability in a Faraday product or on our website, please contact us at info@faradaycapitalsystems.com with the subject line “Security Disclosure.” We'll acknowledge receipt within two business days and work with you on appropriate next steps.

Please do not publicly disclose security issues until we've had an opportunity to investigate and respond.

Changes To This Page

We may update this page as our security program evolves. Material changes will be reflected in the “Last Updated” date above.

Contact

SR Holdings LLC (d/b/a Faraday Capital Systems)
Email: info@faradaycapitalsystems.com