Built for the sensitive data you hold
Corporate secretarial firms hold identity documents, beneficial ownership and financial data. Board360 is designed around protecting it — isolation, masking and auditability at the core.
Security designed in, not added on
Tenant isolation by row-level security
Every firm's data is isolated at the database with PostgreSQL row-level security keyed to your tenant. Isolation is tested automatically in CI, and the build fails if any table is left unprotected.
NRIC/FIN masking by default
Sensitive identifiers are masked everywhere they appear — in the UI, exports and generated documents. Revealing a full identifier is permission-gated and written to the audit trail.
Immutable audit trail
Privileged actions are recorded to an append-only log — who did what, when, and what changed — across staff, client, platform and AI actors, with tamper-evident design.
Multi-factor authentication
Staff accounts sign in with email and password or magic link, with TOTP multi-factor authentication required for firm users.
Controlled break-glass access
Platform support has no standing access to your client data. Any support access is read-only by default, dual-controlled for KYC/UBO and financial data, time-boxed, logged, and surfaced to your Tenant Admin.
Singapore data residency
Application and data are hosted in Singapore by default, aligned to how Singapore CSPs are expected to handle client information.
AI you can put in front of a regulator
Automation is only useful if it’s safe. Board360’s AI layer is built for a regulated practice from the ground up.
- AI acts only through a typed, permissioned tool registry — never directly on the database
- Every action is tenant-scoped, schema-validated and injection-resistant
- Risk-tiered approval: draft, single sign-off, or dual control
- No autonomous statutory actions — humans always decide and sign
- Cost-budgeted, kill-switchable, and fully audited with decision traces
PDPA-aware by design
Board360 is built to fit the Personal Data Protection Act and the way Singapore firms are expected to steward client data.
- Your firm is the Data Controller; Board360 acts as a Data Intermediary (processor)
- Configurable retention per record type — KYC records kept at least five years
- Data export and deletion workflows that honour PDPA obligations
- A maintained list of sub-processors, with notice of changes
Board360 is an enabling tool: each firm remains responsible for its own regulatory compliance. We’re happy to walk your compliance team through our architecture, sub-processors and controls in detail during evaluation.
Run a compliant, modern corporate secretarial practice
See how Board360 brings your entities, deadlines, KYC/AML and client service into one system of record.