Security
Your deals stay private.
Discretion is the whole job in advisory. Summex keeps every firm's companies, deals, and contacts separate from every other firm's. Here is exactly how.
Per-firm isolation
Every record is tagged to one firm, and the database refuses to hand it to anyone else. That check runs in the database, not in app code we have to get right on every query, so one firm can never read or change another firm's companies, deals, or contacts.
No back doors
A person's role and which firm they belong to are set on the server and never trusted from the browser, so no one can make themselves an admin or cross into another firm by tampering with a request. Admin-only views enforce the same check server-side — a non-admin who opens one directly sees nothing.
Encrypted in transit and at rest
Your data is encrypted on the way to us and while it sits in the database. Files you import are read inside your own workspace and never sent anywhere else.
Backed up and recoverable
Your data runs on managed Postgres with automatic backups and point-in-time recovery, so it can be restored to any moment. Every change to the database ships as one all-or-nothing step with a tested way to undo it.
A complete record
Every note, email, call, and event is saved against the company and deal it belongs to, with who logged it and when. When a banker leaves, the relationship history stays with the firm.
Run on infrastructure built for it
Summex runs on Vercel and Supabase. Patching, uptime, and the operational hard parts are handled by teams that do only that.
Questions from your security team?
Start a workspace, or reach out and we'll walk you through it.