Security

As financial advisors, we are intimately aware of how important it is to protect personally identifiable information.
Here's a rundown of the policies and procedures we have in place to protect you and your clients.

SOC2 Type 2 Certification

We are SOC2 Type 2 Certified. You can find more details and our policy documents in our SOC2 portal using the link below.
Link hosted by 3rd party SOC2 Security Firm

Cyber Insured

We have partnered with WTW and Coalition Active Insurance to ensure comprehensive cyber risk management and extensive protection against cyber threats. This collaboration supercharges our data and systems security, safeguarding your sensitive information.

VAPT Tested

Our website, mobile apps, and servers have been battle-tested by white hat hackers running our Vulnerability Assessment and Penetration (VAPT) Tests.

Data Security

- Data Domicile. Data is stored in the US only, and our entire team is US-based.
- Data is encrypted at rest and during transmission.
- FinMate AI provides TLS v1.3 encryption for data in transit and AES-256 encryption for data at rest.
- FinMate AI removes all primary copies of customer data after termination of services; all storage backups are fully deleted after 1 month.
- FinMate AI has customizable data retention policies to fit your company's policies.
- FinMate AI operates firewalls on all external network connections.
- FinMate AI continuously runs security monitoring software on production systems.
- FinMate AI is SOC 2 Type 2 Certified. You can find more information here.

Deployment

- FinMate AI isolates production data systems from test and development systems.
- FinMate AI utilizes non-routable internal network addresses (RFC1918) and Network Address Translation.
- Proxy servers are used to mediate network connections that cross network boundaries.
- All devices connecting to the network have an approved build/configuration standard.
- FinMate AI prohibits the use of insecure administrative protocols such as Telnet and SNMPv1.
- FinMate AI hosts all infrastructure within Google Cloud Services.
- FinMate AI operates anti-virus/anti-malware controls on all applicable devices.
- Anti-virus, anti-malware, and other signature-based solutions receive real-time updates with the latest signatures.

Employee Security

- All FinMate AI employees are located in the US for data security and architectural integrity.
- All FinMate AI employees sign Privacy + Security Policies, Confidentiality Agreements, NDAs, and User Agreements.
- As of 2024, FinMate AI has 0 known security breaches.
- As of 2024, FinMate AI has not been the subject of any investigations or lawsuits.

User Security Measures

- All FinMate AI users have unique IDs for all systems and applications.
- User IDs are prevented from containing content indicating their access level.
- FinMate AI operates on a "Lease Access" basis whereby access to any system has to be granted.
- Access levels are periodically reviewed by IT and data owners to ensure individual access rights are appropriate based on job information.

Additional Security Documentation

The following policies can be requested through our sales team. Please contact us to request them.

- SOC 2 Certification
- Operation Security Policy
- Information Security Policy
- Encryption Policy