Security and Trust

Your book is yours. We built it that way.

Dayonik was engineered as a self-hostable platform right from the start. Whether you run it hosted or inside your own network, the same principles hold. There is least privilege, an append-only audit trail and no data that you have not chosen to share.

DATA

Self-host or hosted

Run on SQLite for a single node, or on PostgreSQL for production. When you self-host, your holdings and your trades never leave your database.

ACCESS

Role-based access control

Every finance action is permission-gated. Because access is owner-scoped, each user only ever sees their own portfolios, strategies and reviews.

AUDIT

Append-only audit trail

Sensitive actions, from trades to scheduled reviews and rebalance signals, are written to an append-only log by design.

SESSIONS

Hardened auth

There is a shared session store, a distributed failed-login lockout across every instance and per-client rate limiting whenever you configure it.

DESKTOP

Sandboxed clients

The desktop app runs with a locked-down renderer and a marshalled bridge, so the interface never holds a direct handle to your data.

MONEY

Correct by construction

Money is rounded to currency precision, and trades use compare-and-set concurrency, so a lost update turns into a retryable conflict rather than a silent error.

This page describes the platform's architecture. Formal certifications such as SOC 2 are represented here once completed.

Read the security details.