Your data, protected with discipline

Encryption, access control, monitoring, and audit layers are built into the platform. This page summarizes what is active today and how we operate.

  • Uptime target: 99.9%
  • Backups and recovery: PITR, RPO 15 min, RTO 60 min
  • Encryption: TLS 1.3 and AES 256
  • Pen test: Date to be published

Data protection

Safeguards for personal data, trading logs, journals, and Discipline Score inputs.

  • TLS 1.3 for all transport
  • AES 256 at rest for databases and objects
  • Field level encryption for sensitive attributes
  • Secrets in managed vaults with rotation
  • Private networking between services
  • Preferred ciphers and HSTS enabled
  • Key rotation policy documented and reviewed

Access control

Least privilege for users, staff, and services.

  • Role based access with Row Level Security
  • Short lived sessions with secure cookies
  • Two factor authentication available
  • Admin access with hardware keys

Infrastructure resilience

Uptime and recovery practices for continuous service.

  • Managed databases with point in time recovery
  • Automated backups with restore tests
  • Autoscaling workers for scoring and backtests
  • Rate limiting and abuse controls on public endpoints

Monitoring and audit

Visibility and traceability for security events.

  • Centralized logs with tamper evidence
  • Audit trail for reports, strategies, and score versions
  • Alerts on anomalies in authentication and access
  • Scheduled access reviews for staff accounts

Privacy and compliance

User rights and regulatory posture for personal data.

  • Consent management for analytics and communication
  • Data export or deletion on request within legal time frames
  • Vendor DPAs for payments and analytics
  • Retention schedule with periodic review

Incident response

Preparedness and clear communication when issues occur.

  • Runbooks for detection, containment, recovery
  • User notifications for incidents that affect confidentiality or integrity
  • Post incident reviews with corrective actions

Report suspected issues to security@finaur.com. We acknowledge reports within two business days and complete initial triage within five business days. Please avoid accessing other users' data and avoid disrupting the service.

Vendors and DPAs

Processors under Data Processing Agreements.

| Vendor | Purpose | Data location | DPA status |
|---|---|---|---|
| Stripe | Payments and subscription billing | EU and US | Signed |
| Supabase | Postgres and authentication | EU region | Signed |
| PostHog | Product analytics with consent | EU self host or EU cloud | Signed |

Security changelog

  • 2025 09 05

    Added Row Level Security to new journal tables and rotated API keys.

  • 2025 08 20

    Enabled strict Content Security Policy and upgraded TLS configuration.