Security & privacy
A place to discuss someone's whole financial life has to be private. Each client's data is encrypted on their device with a key derived from a master password we never see. The server stores ciphertext only. No one at Atrium can decrypt a transaction, a balance or a note. Neither can a court order that compels us to try.
For an FCA-regulated firm, that makes data handling far simpler to explain to clients.
No one at Atrium can decrypt it. Neither can a court order that compels us to try.
The promise, in one sentence
Every record — transactions, balances, retailers, retirement assumptions, account names, notes — is encrypted on the client before it crosses the network. The decryption key never leaves the client. The server holds ciphertext and authentication metadata; nothing else.
The cryptography
There's no bespoke cryptography here and nothing home-grown — just well-understood modern algorithms, composed the way the libsodium documentation recommends.
Threat model
Atrium defends against the kinds of breach that make the news. It can't defend against everything — the columns below set out exactly where the line falls.
Compliance
Atrium was built for UK advice firms from the start. The regulatory posture comes straight out of the architecture.
Atrium's whole-household view directly supports Consumer Duty's "consumer understanding" outcome — clients see their financial life clearly, not just their portfolio. Audit-quality activity logs available to your compliance team.
Data minimisation is structural: we cannot store more than we can read. Subject access requests return the encrypted record set plus any decryption support your firm chooses to provide. Right-to-erasure is a single API call.
Reporting export hooks designed for the formats your back-office team already produces. White-labelled per firm; data extracted via your firm's authenticated bridge, not ours.
All Atrium infrastructure runs in UK regions. No data crosses borders unless your firm explicitly enables an international integration. In a shared atrium, zero-knowledge means even a neighbouring firm's data is unreadable; in your own atrium, you also get single-tenant physical isolation.
Coming Soon SOC 2 Type II and ISO 27001 audits scheduled for completion ahead of general availability. We'll publish reports on request to firms in active evaluation.
Coming Soon Annual third-party penetration tests, with summary reports available under NDA to firms with active deployments.
How Atrium differs
moneyinfo, Plannr, Wealthcraft and the rest assume the vendor can read the data — it's how their integrations, reports and AI features work. Atrium starts from the opposite assumption. That makes a few features harder for us to build, and a few of ours impossible for them to copy.
The last row is the real trade-off: server-side AI that needs plaintext can't run on Atrium. We do AI on the client instead, local-first, so the data never crosses the network unencrypted. For most firms that's the right shape.
Have a security or compliance team?
Bring your IT lead, your compliance officer, your DPO — we'll walk through the architecture, hand over the threat model, and answer the technical questions head-on. NDAs available on request.
Book a security walk-through →