What Shoal does
Purpose-built for financial teams who need accurate, auditable, and secure AI — from document-grounded answers to deep multi-step research.
Answers grounded in your documents
Shoal doesn't rely on what a model has memorized. It retrieves the most relevant passages from your own document library and constructs a cited, grounded answer — eliminating hallucination.
- Every answer is traceable to source documents with passage-level citations
- Advanced HyDE and query expansion for nuanced financial questions
- Cohere Rerank re-scores passages before the LLM sees them
- Context-only query mode returns raw retrieved passages without LLM generation
Retrieved from your documents
Answer: Under Basel III, Tier 1 capital must be at least 6% of risk-weighted assets... [Basel_III_Policy.pdf p.14]
Enterprise security, built in
Every layer of Shoal is designed to protect sensitive financial data — from how tokens are stored to how the API responds when infrastructure is unavailable.
- AES-256-GCM encryption for all third-party OAuth credentials
- JWT access tokens held in browser memory only — never written to localStorage
- Refresh tokens in httpOnly cookies, rotated on every use, revokable server-side
- Fail-closed JWT revocation: if Redis is unreachable, the token is rejected — not accepted
- HSTS, CSP, X-Frame-Options, Referrer-Policy, and Permissions-Policy in production
Security layers
Defense in depth
Your data stays yours
Shoal enforces strict isolation at every layer — from authentication to vector search to file storage. Data bleed between tenants is not possible by design.
- Every JWT is workspace-scoped. Cross-workspace requests are blocked at the auth layer
- Pinecone vector namespaces are per-workspace — one tenant's embeddings can't surface in another's search
- Documents stored in AWS S3 with workspace-level key prefixes
- DynamoDB partition keys include workspace_id for all application data
Organization isolation model
Risk & Compliance
M&A Advisory
Research Desk
Portfolio Mgmt
Responses that stream instantly
Chat responses arrive token-by-token via Server-Sent Events. Document processing status is pushed in real-time via WebSocket, so your team always knows when new content is ready.
- SSE streaming over POST /chat/stream — responses render progressively
- WebSocket events for document ingestion status, powered by Redis pub/sub
- Usage and credit headers surfaced per-request for real-time quota visibility
- Pre-flight credit enforcement — HTTP 402 before any LLM call is made
Processing pipeline
The best models, your choice
Shoal routes through OpenRouter, giving your team access to the latest frontier models — Claude, Gemini, GPT — without vendor lock-in. Admins set an org-level routing policy and can restrict which models individual projects may use.
- Claude Sonnet 4.6 and Claude Opus 4.6 available today, with new releases picked up automatically
- Gemini 3.1 Pro and GPT 5.2 as additional routing options
- Org-level policy: cost optimised, balanced, or quality enforced
- Per-project allowed model lists — restrict sensitive projects to approved models only
Model routing
Via OpenRouter
Claude Sonnet 4.6
Anthropic
Claude Opus 4.6
Anthropic
Gemini 3.1 Pro
GPT 5.2
OpenAI
Org routing policy
Multi-step research, not just chat
Deep Research is a distinct mode that goes beyond a single prompt. It plans a research strategy, asks clarifying questions, crawls the web and academic sources, cross-references your documents, and produces a cited, downloadable report.
- Clarification step ensures the research question is scoped before any work begins
- Two profiles: Technical / Academic and Current Events & News
- Web crawl via Firecrawl combined with academic search — external sources cited alongside internal documents
- Final output is a structured markdown report, downloadable and shareable with your team
Deep Research
Multi-step web + document synthesis
Organized for how your firm works
Projects give each team their own AI workspace — a curated document set, a conversation history, and a set of members with distinct roles. Chats, Agent mode, and Deep Research all run inside the project's knowledge boundary.
- Six project roles: Owner, Admin, Editor, Contributor, Viewer, and Guest
- Custom system instructions per project — tailor AI behaviour for M&A, risk, or research desks
- Document classification: Internal, Confidential, or Restricted — enforced at the project level
- Collections for cross-project document organisation, with hierarchical nesting
- Archive, restore, and freeze controls for audit and governance workflows
M&A Advisory
Project · 57 docs · Confidential
Select mode
Chat
General AI conversation
Agent
Answers from your documents
Deep Research
Multi-step synthesis
Members