Enterprise-grade protection for your retirement plan data
All Systems Secure
Your data is protected with enterprise-grade security and never used for AI training.
API-First Architecture: Not a Chatbot
Fund(k) connects to Anthropic's enterprise API, not consumer chatbots. Your data is never used for training, never stored in shared conversation logs, and never reviewed by humans. Fund scoring data comes from SEC EDGAR and Yahoo Finance: public, verifiable sources only.
How Your Data is Protected
Your CSV → Browser → TLS 1.3 → Cloudflare → Scores → Auto-Delete
Core Security Features
Zero Training Guarantee
Anthropic's enterprise API never uses your inputs or outputs to train models. Contractually guaranteed.
Encryption in Transit and at Rest
TLS 1.3 in transit, AES-256 at rest. TLS terminates at Cloudflare's edge and the data is encrypted again once stored, so every stage is covered; note that this is transport plus storage encryption, not end-to-end encryption in the messaging sense.
Zero Data Retention
Anthropic offers Zero Data Retention (ZDR) on its enterprise API. With ZDR, AI queries are processed and discarded as soon as the response is returned; nothing is stored.
No Human Review
Unlike consumer chatbots, enterprise API data is never reviewed by humans at Anthropic.
Compliance Certifications
These are the certifications held by the providers Fund(k) runs on (Anthropic for the AI API, Cloudflare for infrastructure); the FAQ lists them per provider.
SOC 2 Type II Certified
ISO 27001 Information Security
HIPAA BAA Available
GDPR Compliant
CCPA Compliant
Tip: See the Compliance tab for detailed regulatory alignment information.
Fund(k) uses Anthropic's enterprise Claude API exclusively. Your data is never used for training and has strict retention limits.
Consumer Chatbot vs. Enterprise API
Security Aspect        | Consumer Chatbots              | Enterprise API (What We Use)
Training on your data  | ✗ May train on conversations   | ✓ Never trains on your data
Data retention         | ✗ Stored indefinitely          | ✓ Zero Data Retention available
Human review           | ✗ May review for quality       | ✓ No human review of content
Privacy policies       | ✗ Consumer privacy terms       | ✓ Enterprise DPA / BAA available
Compliance             | ✗ Limited certifications       | ✓ SOC 2, ISO 27001, HIPAA-ready
Our AI Provider
Anthropic Claude (Claude Opus 4.6 API)
SOC 2 Type II · ISO 27001 · HIPAA
Zero Data Retention (ZDR) option
No training on API data, ever
30-day max retention (without ZDR)
Enterprise DPA available
Used for the AI chat assistant only; scoring is algorithmic
Note: Fund(k) scores are calculated entirely algorithmically from SEC and Yahoo Finance data. The AI assistant is optional and only used for conversational queries about fund data; it does not influence scores.
How Your Data Flows
Understanding exactly what data is sent where gives you confidence in our security architecture.
Fund(k) Secure Processing Pipeline
Your CSV (ticker + assets) → Browser (parse locally) →TLS→ Cloudflare (D1 + Workers) →TLS→ Fund Scores (pre-computed) → Analysis (in your browser)
What Data Is Sent
Ticker Symbols Only
Portfolio analysis sends only fund ticker symbols to our API, which returns the pre-computed scores for them. No participant data and no plan sponsor information leave the browser.
Encrypted in Transit
All data uses TLS 1.3 between your browser and Cloudflare's edge network.
Pre-Computed Scores
Fund scores are computed offline from SEC/Yahoo data and stored in Cloudflare D1. No real-time AI processing of your fund data.
Nothing Stored
Your portfolio CSV is parsed in-browser and never uploaded to any server. Analysis happens entirely client-side.
Important: Your CSV file is parsed locally in your browser. Only ticker symbols are sent to our API to retrieve pre-computed scores. No files are uploaded or stored.
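What "only ticker symbols are sent" looks like in browser code, as an added example rather than Fund(k)'s own client: the CSV is parsed locally, every column except the ticker column is discarded on the spot, each symbol is checked against an allow-list pattern, and the only payload assembled for the scores API is the de-duplicated ticker list. The recognized column headers, the /api/scores path, the ticker pattern and the sample CSV are assumptions made for the example.

```javascript
// Added example, not Fund(k)'s own code: client-side data minimization for a
// portfolio CSV. The file is parsed in the browser, every column except the
// ticker column is discarded, and the only payload built for the scores API
// is a validated, de-duplicated list of ticker symbols. The column names
// recognized, the /api/scores path and the sample CSV are assumptions.

const TICKER_RE = /^[A-Z]{1,5}$/;            // plain US fund/ETF symbols (assumed)
const TICKER_HEADERS = ["ticker", "symbol", "fund ticker", "fund symbol"];

// Minimal CSV line splitter: handles quoted fields containing commas and
// doubled quotes, which is all a portfolio export needs.
function splitCsvLine(line) {
  const fields = [];
  let cur = "";
  let inQuotes = false;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    if (inQuotes) {
      if (ch === '"' && line[i + 1] === '"') { cur += '"'; i++; }
      else if (ch === '"') inQuotes = false;
      else cur += ch;
    } else if (ch === '"') {
      inQuotes = true;
    } else if (ch === ",") {
      fields.push(cur);
      cur = "";
    } else {
      cur += ch;
    }
  }
  fields.push(cur);
  return fields.map((f) => f.trim());
}

// Parse the CSV text and keep only the ticker column. Balances, participant
// names, SSNs and anything else are read from the line and dropped on the
// spot; they never reach a variable that outlives this loop.
function extractTickers(csvText) {
  const lines = csvText.split(/\r?\n/).filter((l) => l.trim() !== "");
  if (lines.length === 0) return { tickers: [], rejected: [] };
  const header = splitCsvLine(lines[0]).map((h) => h.toLowerCase());
  const col = header.findIndex((h) => TICKER_HEADERS.includes(h));
  if (col === -1) throw new Error("no ticker column found");
  const seen = new Set();
  const rejected = [];
  for (const line of lines.slice(1)) {
    const raw = (splitCsvLine(line)[col] || "").toUpperCase();
    if (!TICKER_RE.test(raw)) { rejected.push(raw); continue; } // never forwarded
    seen.add(raw);
  }
  return { tickers: [...seen], rejected };
}

// The fetch options for the score lookup. The body is the only thing that
// leaves the browser, so it is built from the ticker list and nothing else.
function scoreRequest(tickers) {
  return {
    method: "POST",
    headers: { "content-type": "application/json" },
    body: JSON.stringify({ tickers }),
  };
}

// fetchImpl is injectable so the request path can be exercised offline.
async function fetchScores(csvText, fetchImpl = globalThis.fetch) {
  const { tickers } = extractTickers(csvText);
  const res = await fetchImpl("/api/scores", scoreRequest(tickers)); // assumed path
  if (!res.ok) throw new Error(`scores API returned ${res.status}`);
  return res.json();
}

// Constructed sample: a participant-level export that must never be uploaded.
const SAMPLE_CSV = [
  "Participant,SSN,Ticker,Balance",
  '"Doe, Jane",123-45-6789,VFIAX,52000.10',
  "John Roe,987-65-4321,vtsax,1200.00",
  "Jane Doe,123-45-6789,VFIAX,10.00",
  'Bad Row,000-00-0000,"DROP TABLE",0',
].join("\n");
```

In a page, wire this to the file input with `fetchScores(await file.text())`; the rejected list is worth surfacing to the user so a mis-detected column is noticed rather than silently dropped. Anything that is not a bare symbol, including the quoted "DROP TABLE" row in the sample, is rejected client-side and never reaches the request body.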
Regulatory Compliance
ERISA
Designed for fiduciary compliance. 100% quantitative scoring supports prudent process documentation. No conflicts of interest or proprietary fund bias.
DOL Fiduciary Rule
Transparent methodology and reproducible scores align with DOL's emphasis on documented, objective investment monitoring processes.
DOL Cybersecurity
Aligned with DOL's cybersecurity guidance for plan fiduciaries. Encryption, access controls, and incident response documented.
GDPR
Data minimization by design. No PII collected. No unnecessary retention. Clear data processing purposes.
Security Controls Implemented
Fund(k) Security Checklist
✓ No PII collected or stored
✓ Encrypted transmission (TLS 1.3)
✓ No AI training on plan data
✓ SOC 2 Type II certified providers
✓ Zero revenue sharing influence
✓ Open, reproducible methodology
Documentation: For fiduciary due diligence, SOC 2 reports are available under NDA from Anthropic's trust center.
Frequently Asked Questions
Is my data used to train AI models?
No. Fund(k) uses Anthropic's enterprise API tier. API data is NOT used to train models. Contractually guaranteed. Additionally, fund scores are computed offline; AI is only used for the optional chat assistant.
What happens to my data after analysis?
Your portfolio CSV is parsed in-browser and never uploaded. Only ticker lookups hit our API. AI chat queries use Anthropic's Zero Data Retention: processed and immediately discarded.
Is my data reviewed by humans?
No. Enterprise API data is NOT subject to human review. Only automated systems process the data briefly before deletion.
What participant data does Fund(k) collect?
None. Fund(k) only works with fund-level data (tickers, expense ratios, returns). No participant SSNs, names, balances, or any other PII is ever collected, processed, or stored.
How are fund scores computed?
Scores are computed offline using a Python pipeline that pulls data from SEC Form N-PORT and Yahoo Finance. Pre-computed scores are stored in Cloudflare D1 and served via API. No real-time AI is involved in scoring.
Is the scoring conflict-free?
Yes. Fund(k) receives zero revenue sharing, has no fund company partnerships, no proprietary fund preferences, and no qualitative overrides. All 1,624 funds are scored identically using the same 20 quantitative metrics. See the Conflict-Free Commitment in the sidebar for details.
What compliance certifications do your providers hold?
Anthropic: SOC 2 Type II, ISO 27001, HIPAA BAA available. Cloudflare (infrastructure): SOC 2 Type II, ISO 27001, PCI DSS Level 1, FedRAMP.
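The server side of the same lookup, covering both the "Pre-Computed Scores" card and the FAQ answer on scores served from Cloudflare D1 via Workers, as an added example that is not Fund(k)'s own Worker: the handler validates the ticker list against an allow-list pattern and a size bound before any query runs, binds the values to a parameterized D1 statement so request content never touches the SQL text, and echoes nothing back except symbols that already passed validation. The table and column names, the request limit and the in-memory stand-in for D1's prepare/bind/all API are assumptions made so the example runs outside the Workers runtime.

```javascript
// Added example, not Fund(k)'s own Worker: a Cloudflare Workers-style handler
// that serves pre-computed scores from D1. Tickers are validated before any
// query runs, the SQL is parameterized (one "?" per ticker, values bound
// separately), request size is bounded, and the response never echoes raw
// input. Table/column names, MAX_TICKERS and the in-memory D1 stand-in are
// assumptions so the code runs outside Workers.

const TICKER_RE = /^[A-Z]{1,5}$/;            // same allow-list the client applies (assumed)
const MAX_TICKERS = 200;                     // assumed per-request bound

// Returns a de-duplicated ticker list, or null if any element is invalid.
// One bad element rejects the whole request instead of being silently
// dropped, so a client cannot probe what the filter lets through.
function validateTickers(input) {
  if (!Array.isArray(input) || input.length === 0 || input.length > MAX_TICKERS) return null;
  const out = new Set();
  for (const t of input) {
    if (typeof t !== "string" || !TICKER_RE.test(t)) return null;
    out.add(t);
  }
  return [...out];
}

// Parameterized D1 lookup via prepare().bind().all(). The ticker values never
// enter the SQL string; only the placeholder count depends on the request,
// and that count is already capped by MAX_TICKERS.
async function lookupScores(db, tickers) {
  const placeholders = tickers.map(() => "?").join(",");
  const { results } = await db
    .prepare(`SELECT ticker, score FROM fund_scores WHERE ticker IN (${placeholders})`)
    .bind(...tickers)
    .all();
  return results;
}

// Core handler, kept independent of the Workers Request/Response types so it
// can be exercised directly. Returns { status, payload }.
async function scoresFor(body, db) {
  const tickers = validateTickers(body && body.tickers);
  if (!tickers) return { status: 400, payload: { error: "invalid ticker list" } };
  const rows = await lookupScores(db, tickers);
  const found = new Set(rows.map((r) => r.ticker));
  return {
    status: 200,
    payload: {
      scores: rows,
      unknown: tickers.filter((t) => !found.has(t)), // safe to echo: already validated
    },
  };
}

// Workers entry point (the shape of `export default { fetch }`). Not exercised
// offline; shown so the request-to-handler wiring is visible. The request
// body is parsed once and never logged.
const worker = {
  async fetch(request, env) {
    if (request.method !== "POST") return new Response("method not allowed", { status: 405 });
    let body;
    try { body = await request.json(); } catch { return new Response("bad JSON", { status: 400 }); }
    const { status, payload } = await scoresFor(body, env.DB);
    return new Response(JSON.stringify(payload), {
      status,
      headers: { "content-type": "application/json", "cache-control": "no-store" },
    });
  },
};

// Constructed stand-in for env.DB that mimics D1's prepare/bind/all shape for
// the single IN (...) query above. It also refuses a placeholder/value count
// mismatch so a binding bug fails loudly instead of silently matching nothing.
function memoryD1(rows) {
  return {
    prepare(sql) {
      const n = (sql.match(/\?/g) || []).length;
      return {
        bind(...vals) {
          if (vals.length !== n) throw new Error("bind count mismatch");
          return { async all() { return { results: rows.filter((r) => vals.includes(r.ticker)) }; } };
        },
      };
    },
  };
}
```

Two choices are deliberate. The handler returns 400 for the whole request when any single ticker fails validation, which keeps the error path uniform and gives an attacker no per-element feedback. And the only request-derived strings in the response are tickers that already matched `TICKER_RE`, so a crafted "ticker" can never be reflected into a JSON body or a log line.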