# Security & your data

> How CorpSec AI protects sensitive personal data, why the audit trail can never be edited, and how you can export everything you hold at any time — no lock-in.

_Updated 2026-07-11_

Source: /help/security-and-data

**In short:** Sensitive identity data (NRIC / passport, address, email) is masked everywhere and encrypted at rest when your firm’s encryption key is provisioned. The audit log is append-only — it cannot be edited or deleted, enforced by the database itself. You can export your whole firm’s data (JSON, CSV or a ZIP with all documents) from Settings at any time, and generate a regulator-ready inspection pack from Settings → Inspection Pack (admin only).

## Sensitive data is masked everywhere (live)

Identity numbers are never shown in full. Across the screen, in exports, and in anything the AI sees, an NRIC / FIN / passport number is masked to its first character and last four digits — for example S1234567A becomes S****567A. This means even the AI that drafts your documents never handles a raw identity number.

_[screenshot: An officer record showing a masked ID number like "S****567A".]_

## Encryption at rest (live)

The most sensitive fields on an officer record — the identity number, address and email, plus sensitive answers in client forms — are designed to be encrypted at rest using strong, per-firm keys (AES-256-GCM envelope encryption). Each encrypted value is tied to your firm, so it cannot be moved or replayed elsewhere.

> **Note:** Encryption switches on when your firm’s encryption key is provisioned; until then those fields are stored as-is. Masking, however, is always on regardless. If encryption at rest is a procurement requirement for you, confirm your key is provisioned.

## An audit trail that cannot be edited (live)

Every meaningful action — a document generated, a status changed, a company created, a firm renamed, a KYC gate blocking a document — is written to an audit log. You can read it in Settings → Audit Log or the right panel’s Activity tab.

Crucially, the log is append-only. Records can be added but never changed or deleted — and this is enforced at the database level, not merely by the app. That gives you a tamper-evident history you can stand behind in an inspection.

_[screenshot: The Audit Log table: Time, Action, User and Details columns, newest first.]_

## Export everything — no lock-in (live)

Your data is yours. An admin can export the entire firm from Settings → Account → Export firm data. Three shapes are available:

- JSON — a full snapshot: companies, officers, tasks and their workflow state, KYC dossiers, invoices and billing, fee schedule, documents and an audit summary.
- CSV — the ACRA-style registers of companies and officers.
- ZIP — the JSON and CSVs plus every generated document file, with a manifest of what is included.

> **Note:** By default, identity numbers in exports are masked. An admin can produce an unmasked export with an explicit confirmation step — and that stronger export is itself recorded in the audit log.

## Inspection evidence pack (live)

CorpSec AI assembles a regulator-ready evidence pack — a cover attestation, each company’s CDD dossier, a firm summary, and an integrity manifest that lets a third party re-verify nothing was altered, with honest flags wherever screening was on demo data.

It is available today from Settings → Inspection Pack (admin only). Choose the pack type — ACRA CSP AML/CFT, PDPC data protection, or general due-diligence — and generate the bundle in one action. The full JSON / ZIP data export above remains available for a raw snapshot.

> **Note:** The Prepare for an ACRA inspection playbook walks you through using the inspection pack step by step.

## Where your data is hosted

CorpSec AI hosts data in Singapore. For the full security and privacy posture — sub-processors, retention and the data-processing agreement — see the Security and Privacy pages.

## Frequently asked questions

### Can anyone tamper with the audit log?

No. It is append-only and the database itself refuses to update or delete entries. New records can be added, but history cannot be rewritten.

### Is my data encrypted?

Sensitive identity fields are masked everywhere and are encrypted at rest when your firm’s encryption key is provisioned. Data is hosted in Singapore.

### What if I want to leave?

Export everything at any time — JSON, CSV, or a ZIP that includes all your generated documents. There is no lock-in.

### Does the AI see clients’ NRIC numbers?

No. Identity numbers are masked before they ever reach the AI; the real number is only re-applied inside the final legal document, server-side.

## Related

- [KYC & compliance](/help/kyc-compliance)
- [Team & roles](/help/team-and-roles)
- [Prepare for an ACRA inspection (playbook)](/help/scenarios/prepare-for-inspection)
