Security That Compliance Teams Trust
M&A data is sensitive. People go to prison for leaking it. We built Dealspace with security as the foundation, not an afterthought.
SOC 2
Self-Assessed · Type II in progress
FIPS 140-3
Validated encryption
GDPR
Compliant processing
ISO 27001
Certified ISMS
FIPS 140-3 Validated Cryptography
We use the same encryption standards required by US federal agencies. Your deal data is encrypted with AES-256-GCM using FIPS 140-3 validated cryptographic modules.
Per-Deal Encryption Keys
Each deal has its own encryption key derived from a master key. One deal's compromise does not affect others.
Encryption at Rest
All data encrypted before it touches disk. File content, metadata, comments — everything.
Encryption in Transit
TLS 1.3 for all connections. Certificate pinning for mobile apps. No data travels unencrypted.
Dynamic Watermarking
Every document is watermarked with the viewer's identity at serve time. If a document leaks, you know exactly who leaked it.
- Generated per-request: Watermark includes user email, organization, timestamp, and deal ID.
- All file types: PDF, Word, Excel, images, video. Protection adapts to the format.
- Configurable per project: Control watermark content, position, and visibility.
Defense in Depth
Multiple layers of protection. Every access decision goes through the same choke point. No exceptions.
Single Sign-On
SAML 2.0 and OIDC support. Integrate with your existing identity provider. Enforce your organization's auth policies.
Multi-Factor Auth
TOTP, hardware keys (FIDO2), SMS backup. MFA required for all access, no exceptions.
Role-Based Access
Workstream-level permissions. IB, Seller, Buyer roles with configurable scopes. Least privilege by default.
Session Management
Short-lived tokens. Single active session per user. Immediate revocation on access changes.
IP Allowlisting
Restrict access by IP range. Corporate network only, or specific buyer locations.
Download Controls
Disable downloads entirely, or allow view-only access. Configurable per document or project-wide.
Complete Accountability
Every action is logged. Access grants, file views, downloads, status changes — all recorded with actor, timestamp, and IP address.
Enterprise-Grade Infrastructure
Dedicated infrastructure, redundant storage, continuous monitoring. Your deal data deserves nothing less.
Questions About Security?
Talk to our security team. We are happy to answer technical questions and provide documentation.