// Trust & Security Report

    Compass (compassapp.ai) — Financial Intelligence, Inc. logo

    Compass (compassapp.ai) — Financial Intelligence, Inc.

    Compass AI is an AI-powered financial operating system for fractional CFOs, CPA firms, and small-to-mid-sized businesses ($500K–$20M revenue). Integrates with QuickBooks, Xero, FreshBooks for automated cash flow forecasting, custom dashboards, and financial analysis. Founded 2024, 9 employees, early-stage startup.

    Certifications held

    2

    Maturity

    Startup

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR
    HELD

    Privacy Policy states Compass 'treats such personal data adequately and in compliance with the relevant regulations' and adheres to GDPR framework; data processors include GDPR-regulated entities (AWS Germany, Salt Edge UK, Plaid Netherlands).

    Verify on compassapp.ai
    CCPA / CPRA
    HELD

    Privacy Policy explicitly states compliance with CCPA/CPRA and state-level privacy laws (Virginia CDPA, Colorado Privacy Act, Nevada statute).

    Verify on compassapp.ai
    > Show 5 unconfirmed / not-held certifications
    SOC 2 Type 1
    NOT CONFIRMED

    No public evidence of SOC 2 certification; privacy policy and terms make no reference to SOC 2 audit.

    source: compassapp.ai
    SOC 2 Type 2
    NOT CONFIRMED

    No public evidence of SOC 2 Type 2 certification; no trust center or audit report found on vendor domain.

    source: compassapp.ai
    ISO 27001
    NOT CONFIRMED

    No mention of ISO 27001 in privacy policy, terms, or security documentation on vendor domain.

    source: compassapp.ai
    HIPAA
    NOT CONFIRMED

    No mention of HIPAA in privacy policy or terms. Product is designed for financial/accounting use, not healthcare; not in scope.

    source: compassapp.ai
    PCI DSS
    NOT CONFIRMED

    No mention of PCI DSS in privacy policy or terms. No evidence of payment card processing or PCI compliance.

    source: compassapp.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Multi-region processing (AWS Germany, Salt Edge UK, Plaid Netherlands, Ars Futura Croatia, Along Peopleware Croatia). No explicit data residency commitment or EU-only guarantee stated.

    No mention of training on customer data in privacy policy or terms. Standard disclaimers on use of service 'as is' with encryption and backups mentioned but no data processing for model improvement stated.

    // Security controls

    Encryption in Transit

    Terms state 'We enforce encryption for data transmission from the public Internet.' The specific protocol (e.g. TLS) and version are not disclosed.

    compassapp.ai

    Encryption at Rest

    Mentions 'backups, redundancies, and encryption' but no specific algorithm or AES standard disclosed.

    compassapp.ai

    Data Processors

    Five identified processors: Ars Futura d.o.o. (Croatia), Amazon Web Services (Germany), Salt Edge Limited (UK), Plaid B.V. (Netherlands), Along Peopleware d.o.o. (Croatia).

    compassapp.ai

    Third-Party Audit / Certifications

    No third-party SOC 2, ISO 27001, or equivalent audit mentioned. Marketing claims 'Bank-level security' without verification.

    compassapp.ai

    // Products & data scope

    Compass AI (Core Platform)Financial Intelligence / Accounting Automation

    data: Connects to QuickBooks, Xero, FreshBooks, and bank accounts for multi-entity financial data consolidation, forecasting, and reporting.

    Targets fractional CFOs, CPA firms, and small-to-mid-sized businesses. No healthcare, no HIPAA. Pricing and exact feature tiers not detailed in public security/compliance docs.

    // What to watch

    • VENDOR MISIDENTIFICATION: Original evidence (compass.com) is a real estate brokerage, not Compass AI. Assessment corrected to reflect compassapp.ai (Financial Intelligence Platform, founded 2024).
    • STARTUP MATURITY: Company founded in 2024 with 9 employees and $564K funding. No security certifications (SOC 2, ISO 27001, HIPAA) held or publicly claimed.
    • OVER-CLAIM: Marketing copy claims 'Bank-level security' without third-party audit evidence or SOC 2 certification to back it.
    • DPA NOT MENTIONED: Privacy policy states 'appropriate agreements with Compass' exist with processors but no Data Processing Agreement is publicly available or linked.
    • DATA RESIDENCY AMBIGUOUS: Multi-region processing confirmed but no explicit EU-only guarantee or GDPR Adequacy/Standard Contractual Clause detail in public docs.
    • ENCRYPTION STANDARDS NOT SPECIFIED: Encryption is mentioned for data in transit and for stored data, but no protocol (e.g. TLS), version, algorithm (e.g. AES-256), or key management detail is disclosed.
    • NO DATA BREACH POLICY: Terms do not detail breach notification procedures, timelines, or regulatory reporting (GDPR Article 33, CCPA Section 1798.150).

    // At a glance

    Pricing model

    Unknown; product is subscription-based SaaS for financial intelligence (specifics not in security/legal pages).

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Compass (compassapp.ai) — Financial Intelligence, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    compassapp.ai

    > Browse all vendor trust reports