Much of the information our users give us is necessary for finappster to function. All data we collect is given a classification. This tells us how sensitive the information is, and informs what type of protections we need to put around it. Once we have a classification, we take measures to keep it safe.

‍

For information that isn't necessary for finappster to function (i.e. info we are holding because we are required by law and only used in instance of audit or similar) we apply encryption to help make sure that in the absolute worst-case scenario where all our other security protection is comprised that this most sensitive customer data remains inaccessible.

‍

For the remainder of the information, we rely on a set of security protections that break into two parts.

1. technical - we follow best practice in terms of securing finappster, servers that host our app and the access to the database that holds the data, and
2. procedural - relates to a set of rules that relates to how our staff access and treat data, because we recognising that half of security is making sure that your technical protections are not accidentally subverted by a well-meaning staff member doing something accidentally. Under procedural, we also select our vendors with care. For example, Stripe our credit card processor who are not only well-known and well-regarded but also offer strong security features that we are able to make use of so that we do not need to see or handle our customers' credit card information.

‍

These protections as a whole from our information security policy.