How we protect your data.
Security is foundational to a platform handling investment data. Here's how we approach it.
Encryption
All data in transit is encrypted using TLS 1.2+. Data at rest is encrypted using AES-256. Database connections use SSL and are isolated within a private network.
Authentication
We use industry-standard session-based authentication with secure, HttpOnly cookies. Google OAuth is supported alongside email/password. Sessions expire automatically after inactivity.
Access Controls
Access to production infrastructure is restricted to authorized personnel using MFA-enforced accounts. Row-level security is enforced at the database layer, ensuring customer data is fully isolated.
AI Data Handling
When your data is sent to AI model providers, it is processed under data processing agreements that prohibit training on customer data. We do not share portfolio or personally identifying data across customers.
Infrastructure
Our platform is hosted on Vercel and Supabase, both of which maintain SOC 2 Type II certifications. Database backups are taken daily with point-in-time recovery enabled.
Vulnerability Disclosure
If you discover a security vulnerability, please disclose it responsibly by emailing support@finsights.ai. We aim to acknowledge reports within 48 hours and resolve critical issues within 7 days.
For security disclosures or enterprise security reviews, reach out at support@finsights.ai.