AI Model Governance
Fintra builds on frontier models from established providers rather than training its own on your data - and governs that supply chain deliberately. Providers are vetted and contractually barred from training on customer data, prompts and responses are logged under customer-controlled settings, and model changes ship through evaluation gates, not silent swaps.
Model providers and data terms
Every model provider in the Fintra stack is a reviewed subprocessor, onboarded under terms that protect customer data.
- No training on customer data - contractual, provider-side commitments, not just API settings.
- Zero-retention or short-lived retention terms for prompts containing customer data.
- Providers appear in the subprocessor register with advance change notification.
- Provider security posture (SOC 2 reports, data-handling documentation) is reviewed before onboarding and on renewal.
Prompt and response logging controls
AI interactions are logged for debugging, quality, and audit - but under your control. Tenant admins choose the logging level: full prompt/response capture for maximum auditability, metadata-only (timestamps, model, token counts, policy decisions) for minimum data footprint, or redacted capture where sensitive fields are masked before storage. Whatever the setting, AgentFence’s policy decisions and approvals are always recorded, because governance evidence is non-negotiable.
Model versioning and change management
A model swap can change financial outputs, so we treat model versions like code deployments. Every agent pins a specific model version; upgrades run through an evaluation suite of finance-specific tasks (categorization accuracy, calculation fidelity, refusal behavior on out-of-policy requests) before rollout, and the ledger records which model version produced every output. If a regression slips through, we can identify affected outputs precisely and roll back.
AI usage metering and cost governance
You can’t govern what you don’t measure. Fintra meters AI usage per tenant, per agent, and per task - tokens, calls, approvals requested and granted - and exposes it to admins. Metering doubles as a security signal: anomalous usage spikes from an agent trigger review, and hard caps prevent a runaway loop from becoming either a bill or an incident.
Frequently asked questions
Which AI models does Fintra use?
Frontier models from established providers, each vetted as a subprocessor with no-training and limited-retention terms. The current provider list is in our subprocessor register, available on request - and every output is attributed to a specific model version in the ledger.
Is my financial data used to train models?
No. Provider contracts prohibit training on customer data, and prompts are processed under zero- or short-retention terms. Fintra also does not train its own models on customer data.
Can I control what gets logged from AI interactions?
Yes. Admins choose full capture, metadata-only, or redacted logging for prompts and responses. Policy decisions and human approvals are always recorded regardless of the setting.
What happens when you upgrade a model?
Upgrades pass a finance-specific evaluation suite before rollout, agents pin explicit versions, and the ledger records which version produced each output - so changes are deliberate, testable, and reversible.
Questions about model governance?
Our security team answers due-diligence questions directly - documentation, DPAs, and evidence available on request.
Talk to our security team