Product

What Shoal does

Purpose-built for financial teams who need accurate, auditable, and secure AI — from document-grounded answers to deep multi-step research.

Retrieval-Augmented Generation

Answers grounded in your documents

Shoal doesn't rely on what a model has memorized. It retrieves the most relevant passages from your own document library and constructs a cited, grounded answer — eliminating hallucination.

  • Every answer is traceable to source documents with passage-level citations
  • Advanced HyDE and query expansion for nuanced financial questions
  • Cohere Rerank re-scores passages before the LLM sees them
  • Context-only query mode returns raw retrieved passages without LLM generation
Query: Basel III capital requirements

Retrieved from your documents

Basel_III_Policy.pdfp.14
0.94
Risk_Framework_2024.pdfp.7
0.91
Compliance_Notes.pdfp.3
0.88

Answer: Under Basel III, Tier 1 capital must be at least 6% of risk-weighted assets... [Basel_III_Policy.pdf p.14]

Security

Enterprise security, built in

Every layer of Shoal is designed to protect sensitive financial data — from how tokens are stored to how the API responds when infrastructure is unavailable.

  • AES-256-GCM encryption for all third-party OAuth credentials
  • JWT access tokens held in browser memory only — never written to localStorage
  • Refresh tokens in httpOnly cookies, rotated on every use, revokable server-side
  • Fail-closed JWT revocation: if Redis is unreachable, the token is rejected — not accepted
  • HSTS, CSP, X-Frame-Options, Referrer-Policy, and Permissions-Policy in production

Security layers

Defense in depth

HTTPS / TLS in transit
JWT access token (in-memory only)
httpOnly refresh cookie
AES-256-GCM integration token encryption
Workspace-scoped JWT claims
Redis JTI revocation (fail-closed)
Multi-Tenant Isolation

Your data stays yours

Shoal enforces strict isolation at every layer — from authentication to vector search to file storage. Data bleed between tenants is not possible by design.

  • Every JWT is workspace-scoped. Cross-workspace requests are blocked at the auth layer
  • Pinecone vector namespaces are per-workspace — one tenant's embeddings can't surface in another's search
  • Documents stored in AWS S3 with workspace-level key prefixes
  • DynamoDB partition keys include workspace_id for all application data

Organization isolation model

Meridian Bankisolated

Risk & Compliance

own vector namespace

M&A Advisory

own vector namespace
Atlas Capitalisolated

Research Desk

own vector namespace

Portfolio Mgmt

own vector namespace
Cross-org data accessBlocked at auth layer
Real-Time Streaming

Responses that stream instantly

Chat responses arrive token-by-token via Server-Sent Events. Document processing status is pushed in real-time via WebSocket, so your team always knows when new content is ready.

  • SSE streaming over POST /chat/stream — responses render progressively
  • WebSocket events for document ingestion status, powered by Redis pub/sub
  • Usage and credit headers surfaced per-request for real-time quota visibility
  • Pre-flight credit enforcement — HTTP 402 before any LLM call is made
Live stream activetext/event-stream
Shoal AI

Processing pipeline

Document parsing1.2s
Embedding & indexing2.8s
Semantic retrieval0.3s
LLM generationlive
Frontier Models, Always Current

The best models, your choice

Shoal routes through OpenRouter, giving your team access to the latest frontier models — Claude, Gemini, GPT — without vendor lock-in. Admins set an org-level routing policy and can restrict which models individual projects may use.

  • Claude Sonnet 4.6 and Claude Opus 4.6 available today, with new releases picked up automatically
  • Gemini 3.1 Pro and GPT 5.2 as additional routing options
  • Org-level policy: cost optimised, balanced, or quality enforced
  • Per-project allowed model lists — restrict sensitive projects to approved models only

Model routing

Via OpenRouter

Live

Claude Sonnet 4.6

Anthropic

Default

Claude Opus 4.6

Anthropic

Highest quality

Gemini 3.1 Pro

Google

Fallback

GPT 5.2

OpenAI

Available

Org routing policy

Cost optimisedBalancedQuality enforced
Deep Research

Multi-step research, not just chat

Deep Research is a distinct mode that goes beyond a single prompt. It plans a research strategy, asks clarifying questions, crawls the web and academic sources, cross-references your documents, and produces a cited, downloadable report.

  • Clarification step ensures the research question is scoped before any work begins
  • Two profiles: Technical / Academic and Current Events & News
  • Web crawl via Firecrawl combined with academic search — external sources cited alongside internal documents
  • Final output is a structured markdown report, downloadable and shareable with your team

Deep Research

Multi-step web + document synthesis

Clarification questions sent
Research plan generated
Web crawl — 14 sources gathered
Academic search complete
Synthesising findings…
Markdown report
Technical / Academic·Current events
↓ .md export
Projects & Knowledge Management

Organized for how your firm works

Projects give each team their own AI workspace — a curated document set, a conversation history, and a set of members with distinct roles. Chats, Agent mode, and Deep Research all run inside the project's knowledge boundary.

  • Six project roles: Owner, Admin, Editor, Contributor, Viewer, and Guest
  • Custom system instructions per project — tailor AI behaviour for M&A, risk, or research desks
  • Document classification: Internal, Confidential, or Restricted — enforced at the project level
  • Collections for cross-project document organisation, with hierarchical nesting
  • Archive, restore, and freeze controls for audit and governance workflows

M&A Advisory

Project · 57 docs · Confidential

Active

Select mode

💬

Chat

General AI conversation

🔍

Agent

Answers from your documents

🔬

Deep Research

Multi-step synthesis

Members

JK
Owner
ML
Editor
RT
Viewer