Trust and Security

Security posture that stands up better in diligence and regulator conversations.

Last updated March 20, 2026. This page explains the practical security controls built into the current product and where customer-side governance or formal audit work is still required.

PII Handling

Sensitive identity values are collected sparingly, encrypted when stored, and no longer duplicated into full raw-intake snapshots. Demo flows are designed around minimum necessary data instead of full credential collection.

Access Controls

Portal access is session-scoped, role-aware, and cookie-protected. Sessions now use stricter cookie attributes, shorter lifetimes, and idle timeout enforcement to reduce stale privileged access.

Auditability

The product maintains audit logs, lifecycle events, and review-state changes for operational traceability. This supports customer oversight and helps firms evidence key workflow events during diligence.

Secure Review Workflow

The onboarding flow pushes identity review toward dedicated compliance tooling when configured, instead of encouraging raw document links inside the form itself. Admin views show whether data exists without unnecessarily rendering plaintext sensitive values.

Compliance Boundary

Stronger controls, not fake guarantees.

Code hardening is not the same thing as a completed SOC 2 examination. Formal attestation requires an auditor, a defined control environment, evidence collection, and operating effectiveness over time.

Product features do not make any customer automatically compliant with SEC, FTC, FINRA, state privacy, or breach-notification requirements. Customers still need contracts, notices, policies, training, vendor oversight, and legal review.

No software vendor can make a regulated workflow immune from lawsuits. The realistic goal is stronger controls, clearer disclosures, and better evidence when something is reviewed.

Diligence Contacts

Trust and diligence: hello@marengofinance.com

Use the contact above for security questionnaires, architecture reviews, and vendor diligence requests.

Looking for the broader diligence packet? Start in the Trust Center, then review the Privacy Policy and Terms.

Data-subject requests can be submitted through the privacy request form.

Canonical reference: https://marengofinance.com/security