Security and Reliability Safeguards

Last Updated: Dec 12, 2023

At FinOpps we know that our customers rely on us as an important part of their business processes and record keeping. We take our responsibilities to our customers seriously, and the security and reliability of the software, systems and data that make up the FinOpps application are our top priority.

Security

SSL

All information traveling between your browser and FinOpps is protected from eavesdroppers with 256-bit SSL encryption. The lock icon in your browser lets you verify that you aren’t talking to a phishing site impersonating FinOpps and that your data is secure in transit.

Firewalls

The FinOpps application – including your data – rests securely behind firewalls.

Vulnerability scanning

FinOpps’ servers are scanned for vulnerabilities regularly by Sikich LLP, our managed security provider. These scans test our servers both from the Internet and from inside our network, and any newly-identified problems are addressed as quickly as possible.

Strong encryption

FinOpps uses industry standard encryption protocols and practices to responsibly transmit sensitive information (including cardholder data).

Physical security

The FinOpps servers are located in state-of-the-art datacentres, which provide biometric access controls, constant surveillance, redundant power feeds and generators, robust fire suppression, and carefully monitored climate control to protect the servers that store your data and manage your billing.

PCI Compliance and Card Holder Data

Cardholder data should only be input by the user in areas that explicitly require it. FinOpps handles cardholder data in accordance with PCI Data Security Standard requirements.

Where cardholder data storage is required (i.e. automatic payments on recurring templates) FinOpps leverages PCI DSS Level 1 Compliant partners who undergo an annual audit of its infrastructure. In addition, FinOpps maintains its PCI DSS Level 1 compliance and has its audit conducted by an independent third-party on an annual basis. A PCI attestation of compliance (AOC) can be requested to hello@FinOpps.com.

Secure Development Practices

FinOpps developers follow the secure development practices described in OWASP. Furthermore, we subscribe and adhere to the principals of least access.

Breach Notification

If there is a security and/or privacy breach that occurs, we will notify the necessary authorities and impacted customers within the legally required timelines based on the Applicable Data Protection Law.

Reliability

Redundant servers and datacentres

The FinOpps infrastructure uses redundant storage and servers to keep the application and your data available in the case of hardware failure – and another set of servers and storage in a geographically separate datacentre in case our primary datacentre is made unavailable by a disaster or other disruption.

Managed hosting

The FinOpps Application utilizes Google Cloud Platform (GCP) for hosting requirements. With a vast array of clients with varying needs, GCP provides an environment that allows for the fast delivery of features, continued product innovation, reliable security and stability and a reduced chance of downtime.

Backups

The data in your FinOpps account is replicated across multiple database servers in two geographic locations to prevent a single failure from causing data loss. Additionally, that data is backed up nightly to tape and stored in a secure offsite location to ensure that, even in the event of a catastrophe like a tornado or flood, your information will be safe and your records can be quickly restored.

If you have any security concerns or questions please feel free to contact us directly.

Responsible Disclosure of Security Vulnerabilities

If you are a security researcher and think you’ve found a security vulnerability with our service, product, or website please see our responsible disclosure policy page for details on how to report it to us.