CoreFi is the platform vendor behind agentic banking infrastructure operated by licensed banks, lenders and fintechs across Europe and Latin America. This page summarises how the platform is designed to support the regulatory frameworks our customers operate under — and where to ask for the deeper evidence pack.
CoreFi is built as platform infrastructure for institutions that have to satisfy European data-protection, payments, operational-resilience and AI-governance expectations. The platform is governed by internal controls and external commitments to those customers; the customer remains the regulated entity before its supervisor. Nothing on this page implies CoreFi holds a banking, payments, crowdfunding or e-money authorisation.
GDPR-aligned data handling: lawful-basis declaration per workflow, a data-subject-rights workflow, and EU data residency by default. Detailed control mapping is available on request in the evidence pack.
Strong customer authentication hand-off points, payment-initiation evidence capture, and reviewer approval gates designed to fit a PSD2-licensed deployer's own control framework. CoreFi does not act as a PSU or AISP/PISP; the customer holds the licence.
Approval gates, audit trail, human-in-the-loop, model registry and post-market monitoring designed to plug into the deployer's risk-management system. See the AI governance section below.
"Designed to support" means the platform's control surfaces line up with the obligations the licensed customer carries. It is not a certification claim by CoreFi. Independent evidence is available on request.
CoreFi is operated from the European Union. Production environments and the primary data store run in EU regions, and tenant data, document store and audit log stay inside the EU boundary unless the customer opts otherwise in writing.
Production workloads, primary database, document store and audit log run in EU regions. Standard Contractual Clauses or equivalent transfer mechanisms apply where any sub-processor sits outside the chosen residency boundary, and the transfer is logged.
Single-tenant deployments designed to keep tenant data and processing in a Latin American region are available on request, scoped to the deploying institution's licensing footprint. Available regions are confirmed during the security review.
For institutions that require infrastructure isolation, CoreFi supports single-tenant deployments on the customer's elected hosting partner. Tenancy model, isolation boundary and key-management ownership are agreed during the security review.
Hosting partner names and the current sub-processor list are summarised in the section below and detailed in the evidence pack on request.
What we publish is intentionally conservative. The detailed evidence pack — sub-processor list with named vendors, Data Processing Agreement template, encryption and key-management architecture, audit-log specification, incident-response playbook, business-continuity and disaster-recovery procedures, and the current status of any independent attestations under way — is shared under NDA with active buyers. Use the form below to request it.
Trust-pack requests route to a security-cleared inbox, not the general sales queue. We respond on a working-day cadence and confirm next steps before any document moves.
CoreFi publishes the categories of sub-processors that may process tenant data on behalf of the deploying institution. Named-vendor specifics, regions and processing purposes are kept current in the Data Processing Agreement and the evidence pack; this public summary is updated when categories change.
Compute, storage and networking for tenant environments. EU primary; regional deployment available on request. Named vendors per region are shared in the evidence pack.
Primary data store, document store and backups. Hosted in the same region as the tenant deployment. Named vendors per region are shared in the evidence pack.
Model inference for agentic workflows. CoreFi is model-agnostic, and model choice is scoped per customer; workloads route to provider-defined regions where per-region routing is available. The audit log records which model produced each agent action.
Operator notifications and reviewer alerts. EU-primary providers. Named vendors are shared in the evidence pack.
Public-website form intake only (no tenant data). EU-hosted. Used for partner applications and trust-pack requests.
Platform telemetry and error aggregation. EU-primary. Named vendors are shared in the evidence pack.
Material changes to this list are notified to customers under the terms of the Data Processing Agreement. Last updated: May 21, 2026.
Agentic AI is treated like any other operator on the platform: scoped to a role, gated by policy before any side effect, logged into the same append-only audit record as human and API actors, and routed to a human reviewer when policy says so. The control surface does not change when the underlying model changes.
The agent's structured plan passes through role-permission, customer-consent, transaction-limit, AML, sanctions and model-output guardrails before any API is called. A failed check stops the workflow; nothing reaches the core silently.
Every workflow writes a single append-only record covering trigger, retrieved data, model identifier and context references, structured plan, policy decisions, API calls, side effects on the core, escalations and human approvals. Cryptographic hash-chain verification of that log is in place today for AI Assistant tool calls, with per-workflow extension on the roadmap. Every record is exportable for internal review, external audit and supervisory requests.
Workflows declare which steps require a human and what shape the approval takes — single approver, dual control, MLRO sign-off, treasurer authorisation. Monetary actions default to human approval. The reviewer sees the same context the agent saw.
Every model used in a workflow is registered with version, provider and intended scope. The audit log records which model produced each agent action. CoreFi runs governed workflows on Anthropic, OpenAI, Gemini, customer-hosted models, or a mix — the policy engine, audit log and approval flows do not change when the model swaps.
These controls are designed to plug into the deploying institution's risk-management system, post-market monitoring, technical documentation and human-oversight obligations under the EU AI Act for high-risk-system deployments. Mapping of specific articles to specific controls is available on request in the evidence pack.
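As an added illustration of the control surface described above (example code, not CoreFi's own; the check names, record layout and SAMPLE_* inputs are assumptions), this Python sketch runs a structured plan through ordered policy gates, escalates a monetary action that lacks a named approver, calls the core only when every gate passes, and writes every outcome into a hash-chained append-only log whose verifier reports the first tampered entry:

```python
import hashlib
import json
GENESIS = "0" * 64  # anchor for the first record in the chain

def _digest(fields):  # canonical JSON so identical content always yields the same hash
    return hashlib.sha256(json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()).hexdigest()

def log_append(entries, body):  # each new entry commits to the hash of its predecessor
    prev = entries[-1]["hash"] if entries else GENESIS
    entry = {"seq": len(entries), "prev_hash": prev, "body": body}
    entry["hash"] = _digest(entry)
    entries.append(entry)
    return entry["hash"]

def log_verify(entries):  # (True, count) if intact, else (False, index of the first bad entry)
    prev = GENESIS
    for i, e in enumerate(entries):
        unsigned = {k: e[k] for k in ("seq", "prev_hash", "body")}
        if e["seq"] != i or e["prev_hash"] != prev or e["hash"] != _digest(unsigned):
            return False, i
        prev = e["hash"]
    return True, len(entries)

def run_workflow(plan, ctx, entries, core_api):
    checks = [  # hypothetical checks, evaluated in order; the first failure stops the workflow
        ("role_permission", plan["action"] in ctx["role_permissions"].get(plan["actor_role"], ())),
        ("transaction_limit", plan["amount"] <= ctx["transaction_limit"]),
        ("sanctions", plan["counterparty"] not in ctx["sanctions_list"]),
    ]
    record = {"trigger": plan["trigger"], "model": plan["model"], "plan": plan, "policy_decisions": [],
              "api_calls": [], "escalations": [], "approvals": [], "status": "executed"}
    for name, passed in checks:
        record["policy_decisions"].append({"check": name, "passed": passed})
        if not passed:
            record["status"] = "blocked:" + name
            break
    if record["status"] == "executed" and plan["amount"] > 0:  # monetary action: human approval gate
        approver = ctx["approvals"].get(plan["plan_id"])  # None until a named human has signed off
        record["approvals" if approver else "escalations"].append(approver or "awaiting_human_approval")
        record["status"] = "executed" if approver else "escalated"
    if record["status"] == "executed":
        record["api_calls"].append(core_api(plan))  # the only path that reaches the core
    log_append(entries, record)  # every outcome, including blocks and escalations, lands in the chain
    return record["status"]

# Constructed sample input (not real customer data)
SAMPLE_CTX = {"role_permissions": {"payments_agent": ("initiate_payment",)}, "transaction_limit": 10000,
              "sanctions_list": {"ACME-SANCTIONED"}, "approvals": {"p1": "treasurer@bank.example"}}
SAMPLE_PLAN = {"plan_id": "p1", "trigger": "customer_request", "model": "model-x-v1", "actor_role": "payments_agent",
               "action": "initiate_payment", "amount": 500, "counterparty": "SUPPLIER-1"}
```

Because the verifier recomputes each entry's hash and checks it against the next entry's prev_hash, editing any committed field (for example the amount in an already-logged plan) is reported at that entry's index.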
Detailed incident-classification thresholds, customer-notification commitments and supervisory-reporting hand-off points are documented in the customer-specific Data Processing Agreement and walked through during the security review. We do not publish a hard notification SLA on this page because the right SLA depends on the customer's own regulatory profile.
Defined severity classification, on-call rotation, and a customer-notification commitment for incidents affecting confidentiality, integrity or availability of tenant data. Where personal data is affected, notification supports the customer's GDPR Article 33 obligations as the data controller.
Incident timelines, affected workflows, model and reviewer activity during the incident window, and remediation actions are reconstructible from the append-only audit record. We share the relevant slice with the customer as part of the post-incident pack.
Material incidents at a named sub-processor that affect tenant data follow the same customer-notification path. The current sub-processor list is reviewed on a defined cadence as part of the resilience programme.
Specific notification timelines and disclosure commitments are set in the customer's Data Processing Agreement and available on request as part of the security review.
Two paths from here: a written evidence pack under NDA, or a live security review with the people who run the platform.