Security

How FinButler approaches encryption, authentication, and operational practices designed to protect your financial data.

Your Data is Protected

We layer multiple controls — encryption, access scoping, monitoring, and operational practices — to help keep your financial information safe and accessible only to authorized users.

Encryption in Transit and at Rest

Customer data is encrypted in transit with TLS for browser and API traffic, and at rest wherever our infrastructure providers support it.

  • TLS for browser and API traffic
  • Encryption at rest where supported
  • Database backups managed in encrypted storage

Secure Authentication

We use SuperTokens for session management with secure password hashing and rate-limiting controls on authentication endpoints.

  • SuperTokens session management
  • Modern password hashing via SuperTokens
  • Rate limiting on login attempts
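The login throttling described above, as an added example; this is not FinButler's or SuperTokens' code. It keeps two sliding-window counters, failed passwords per account and attempts per client IP, so that both a brute-force run against one login and a password spray across many logins from one source are cut off. The window and the limits are assumptions chosen for illustration, not a published FinButler policy.

```python
"""Sliding-window throttling for a login endpoint.

Added example; this is not FinButler's or SuperTokens' code. The limits
(assumed: 5 failed passwords per account and 20 attempts per client IP,
both over a 15-minute window) are illustrative, not FinButler's policy.
"""
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 15 * 60        # assumed window
MAX_FAILURES_PER_ACCOUNT = 5    # assumed: stops brute force on one login
MAX_ATTEMPTS_PER_IP = 20        # assumed: stops spraying from one source


class LoginRateLimiter:
    """Two independent counters: failures per account, attempts per IP."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._account_failures = defaultdict(deque)  # email -> timestamps
        self._ip_attempts = defaultdict(deque)       # ip -> timestamps

    def _prune(self, q, now):
        cutoff = now - WINDOW_SECONDS
        while q and q[0] <= cutoff:
            q.popleft()

    def check(self, email, ip):
        """Return True if the attempt may proceed, False if throttled.

        Call this before verifying the password so a throttled request
        never reaches the (deliberately slow) hash comparison."""
        now = self._now()
        acct = self._account_failures[email.strip().lower()]
        ipq = self._ip_attempts[ip]
        self._prune(acct, now)
        self._prune(ipq, now)
        if len(acct) >= MAX_FAILURES_PER_ACCOUNT or len(ipq) >= MAX_ATTEMPTS_PER_IP:
            return False
        ipq.append(now)   # every allowed attempt counts against the IP
        return True

    def record_failure(self, email):
        self._account_failures[email.strip().lower()].append(self._now())

    def record_success(self, email):
        # A correct password clears the per-account counter; the per-IP
        # counter is left alone so a stuffing source is still slowed down.
        self._account_failures.pop(email.strip().lower(), None)


def simulate_brute_force():
    """Constructed scenario: one IP sends 8 wrong passwords to one
    account, then tries again after the window has passed."""
    clock = [1000.0]
    lim = LoginRateLimiter(now=lambda: clock[0])
    allowed = []
    for _ in range(8):
        ok = lim.check("victim@example.com", "203.0.113.7")
        allowed.append(ok)
        if ok:
            lim.record_failure("victim@example.com")
        clock[0] += 1.0
    clock[0] += WINDOW_SECONDS
    allowed.append(lim.check("victim@example.com", "203.0.113.7"))
    return allowed


def simulate_password_spray():
    """Constructed scenario: one IP tries 25 different accounts once each
    (never tripping the per-account limit); the IP counter catches it."""
    clock = [2000.0]
    lim = LoginRateLimiter(now=lambda: clock[0])
    allowed = []
    for i in range(25):
        ok = lim.check(f"user{i}@example.com", "198.51.100.9")
        allowed.append(ok)
        if ok:
            lim.record_failure(f"user{i}@example.com")
        clock[0] += 0.5
    return allowed


if __name__ == "__main__":
    print(simulate_brute_force())   # 5 allowed, 3 throttled, then allowed again
    print(sum(simulate_password_spray()), "of 25 spray attempts reached the password check")
```

Two points a practitioner would check alongside this: the login handler should return the same generic response and take roughly the same time whether the request was throttled, the account does not exist, or the password was wrong, otherwise the limiter itself becomes a user-enumeration oracle; and the client IP must be taken from a proxy header only when that proxy is trusted, since an attacker who can set the header picks their own bucket. In-process deques like these are per instance; a multi-instance deployment needs the counters in shared storage.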

Hosted Infrastructure

FinButler is hosted on managed cloud infrastructure with regular database backups and basic availability monitoring.

  • Availability monitoring on core services
  • Regular database backups
  • Managed cloud hosting

Security Review Practices

Our application development is informed by OWASP Top 10 guidance, with internal review and automated dependency scanning.

  • OWASP Top 10 considerations during development
  • Automated dependency vulnerability scanning
  • Internal code review on security-sensitive changes

Access Control

Role-based access control ensures that only authorized users can access specific features and data within your account.

  • Team role-based permissions
  • Session timeout protection
  • IP-based access logging
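The three controls listed above, team-scoped role checks, session timeout and per-request access logging, combined in one authorization path, as an added example that is not FinButler's code. The role names, permission strings, timeout values and log record layout are assumptions for illustration; the point it demonstrates is that membership is checked against the specific team in the request, not merely "has some role", so changing a team id in a request does not reach another team's data.

```python
"""Team-scoped role checks, session timeouts and an access log entry.

Added example; this is not FinButler's code. The role names, permission
strings, timeout values and log format are assumed for illustration.
"""
from dataclasses import dataclass, field

# Assumed permission model. Deny by default: anything not listed for a
# role is refused, so adding a feature means adding a permission here.
ROLE_PERMISSIONS = {
    "owner":  {"ledger:read", "ledger:write", "members:manage", "export:run", "account:delete"},
    "editor": {"ledger:read", "ledger:write", "export:run"},
    "viewer": {"ledger:read"},
}

IDLE_TIMEOUT = 30 * 60         # assumed: expire after 30 min without activity
ABSOLUTE_TIMEOUT = 12 * 3600   # assumed: expire 12 h after login regardless

AUDIT_LOG = []  # (user_id, client_ip, team_id, permission, outcome)


@dataclass
class Session:
    user_id: str
    created_at: float
    last_seen: float
    memberships: dict = field(default_factory=dict)  # team_id -> role, loaded at login


class SessionExpired(Exception):
    pass


class Forbidden(Exception):
    pass


def touch(session, now):
    """Enforce both timeouts, then record the activity."""
    if now - session.created_at > ABSOLUTE_TIMEOUT:
        raise SessionExpired("absolute lifetime exceeded")
    if now - session.last_seen > IDLE_TIMEOUT:
        raise SessionExpired("idle timeout")
    session.last_seen = now


def authorize(session, client_ip, team_id, permission, now):
    """Allow the action only if the session is live, the user belongs to
    this team, and the role they hold in this team grants the permission.

    Checking membership per team (rather than 'is an editor somewhere')
    is what keeps a user from reading another team's data by swapping
    the team id in a request. Every decision, allowed or not, is logged
    with the client IP."""
    try:
        touch(session, now)
        role = session.memberships.get(team_id)
        if role is None:
            raise Forbidden(f"not a member of {team_id}")
        if permission not in ROLE_PERMISSIONS.get(role, set()):
            raise Forbidden(f"role {role} lacks {permission}")
    except (SessionExpired, Forbidden) as exc:
        AUDIT_LOG.append((session.user_id, client_ip, team_id, permission, type(exc).__name__))
        raise
    AUDIT_LOG.append((session.user_id, client_ip, team_id, permission, "allowed"))
    return True


def run_scenarios():
    """Constructed scenario: one user who edits team-a and only views team-b."""
    AUDIT_LOG.clear()
    t0 = 1_700_000_000.0
    s = Session("u-42", created_at=t0, last_seen=t0,
                memberships={"team-a": "editor", "team-b": "viewer"})
    ip = "203.0.113.5"
    results = {}
    results["write_team_a"] = authorize(s, ip, "team-a", "ledger:write", t0 + 60)
    for name, team, perm, at in [
        ("write_team_b_as_viewer", "team-b", "ledger:write", t0 + 120),
        ("read_team_c_not_member", "team-c", "ledger:read", t0 + 180),
        ("read_after_idle", "team-a", "ledger:read", t0 + 180 + IDLE_TIMEOUT + 1),
    ]:
        try:
            results[name] = authorize(s, ip, team, perm, at)
        except (SessionExpired, Forbidden) as exc:
            results[name] = type(exc).__name__
    return results


if __name__ == "__main__":
    for k, v in run_scenarios().items():
        print(f"{k}: {v}")
    for entry in AUDIT_LOG:
        print("audit", entry)
```

The memberships map is loaded into the session at login in this example; if roles can be changed while a session is open (a member removed from a team, for instance), the check should read the current membership from the store rather than the cached copy, or the revocation will not take effect until the session expires.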

Data Privacy

Your data belongs to you. We never sell your information and provide tools to export or delete your data at any time.

  • No data selling or sharing
  • One-click data export
  • Account deletion available

Security Practices

Monitoring & Incident Response

We monitor core services for availability and unusual activity, and we operate documented incident response procedures.

  • Application and infrastructure monitoring
  • Automated alerting on key services
  • Documented incident response procedures

Internal Access Controls

Internal access to production systems is limited to people who need it for their role and is tracked through our access management process.

  • Principle of least privilege for production access
  • Access reviewed when responsibilities change
  • Ongoing security awareness for the team

Report Security Issues

If you discover a security vulnerability, please report it responsibly. We take security seriously and will respond promptly to all reports.

Responsible Disclosure

Please email security concerns to security@finbutler.ai. Include detailed information about the vulnerability and steps to reproduce it. We will acknowledge receipt within 48 hours and work with you to address the issue.

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if available)

Questions About Security?

We're here to help. Contact our security team with any questions or concerns.