We take the security of your financial data seriously. Here is how we protect your information.
All stored data is encrypted using AES-256. This includes financial documents, transaction records, and account information. Encryption keys are managed using Azure Key Vault with automatic rotation.
All data transmitted between your systems and our platform uses TLS 1.2 or higher. We enforce TLS on all API endpoints, and certificate pinning where supported.
Our infrastructure runs on Microsoft Azure, leveraging their global security infrastructure, physical data center security, and compliance certifications including ISO 27001 and SOC 2.
Access is governed by role-based access control (RBAC) with fine-grained permissions. SSO integration is supported on enterprise plans. Multi-factor authentication is available for all users. All access is logged and auditable.
Each organization operates in a fully isolated tenant environment. Cross-tenant data access is architecturally prevented at the database level. Tenant isolation is verified through regular penetration testing.
We comply with the California Consumer Privacy Act. We do not sell personal information. We support consumer rights requests including access, deletion, and opt-out through our privacy team.
Our platform undergoes annual SOC 2 Type II audits by an independent third-party auditor. The audit covers security, availability, processing integrity, confidentiality, and privacy controls. Audit reports are available to enterprise customers under NDA.
We comply fully with the California Consumer Privacy Act. This includes honoring consumer rights to know, delete, and opt out of the sale of personal information. Our privacy policy and data processing agreements reflect these requirements.
While we are focused on the US market, our platform architecture and data handling practices are designed to support GDPR requirements for customers who need them.
Our security program includes automated vulnerability scanning, regular penetration testing by independent security firms, and a formal incident response process. We maintain a bug bounty program for researchers who identify potential vulnerabilities in our platform.
All FinAdvantage AI employees undergo security awareness training and are subject to background checks. Access to production systems is granted on a least-privilege basis and reviewed quarterly.
In the event of a security incident involving your data, we will notify affected customers within 72 hours of confirmation, in accordance with our incident response policy and applicable legal requirements.
If you believe you have found a security vulnerability in our platform, please report it to us immediately. We appreciate responsible disclosure and will work with you to confirm and remediate any issues.
Security Contact
security@finadvantage.online