Security at Fin
We know you care about the security of your Fin account. So do we. Maintaining the security and privacy of our users’ data is our utmost concern, and we recognize that our brand and the success of our company are deeply tied to your trust in us and in our ability to keep your information secure. Just like any good assistant, if you can’t trust us, we can’t do a great job for you. And if we cannot keep your information secure, we know we will fail. Put another way, violating our users’ trust is an existential threat to our company's longevity.
When we think about security at Fin, we are driven by one simple rule: We don’t ask anything of our users that we aren’t willing to do ourselves. We wouldn’t, for example, expect you to place sensitive information (like credit card and social security numbers) in the Vault if we would not do it ourselves.
In addition to our “golden” rule of security, we are committed to doing the following to keep your info secure:
We are committed to building on top of industry leading services (like Amazon Web Services) who have proven track records and significant resources to devote to security.
We are committed to encrypting data stored on our servers, including items placed in the Vault.
We are committed to requiring our employees to use two-factor authentication (including when an agent accesses your information through our internal dashboard).
We are committed to keeping audit trails, and logging every time a Fin agent accesses your information.
We are committed to transparency, which is why you can see when an agent accesses information you place in the vault.
And we are committed to applying the principles of security in depth and least privilege so that if certain data becomes vulnerable, other data will not be impacted.
But perhaps most importantly, we recognize that security is a task we can never simply check off as done, and are committed to continue our investment in making our systems more secure.
If you think you may have found a security vulnerability within Fin, or have any suggestions or additional questions, please email us at email@example.com.