Encryption, compliance, and security measures in detail.
Security is foundational to Finaps. Here is exactly how we protect your financial data.
All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Sensitive financial fields (account numbers, balances, transaction amounts) are additionally protected with MongoDB Client-Side Field Level Encryption (CSFLE): the application encrypts those fields with data encryption keys before they are sent to the database, and the master key that wraps those data keys is held outside the database. The database server, its logs and its backups only ever hold ciphertext for those fields, so not even our database administrators can read the raw values.
Passwords are hashed with bcrypt at cost factor 12 (2^12 key-stretching rounds). Authentication uses JWTs signed with RS256, so services that only need to verify a token hold the public key, never the signing key. Access tokens expire after 15 minutes; refresh tokens expire after 30 days and are rotated on every use, so a refresh token that has already been exchanged is no longer valid. Each login creates its own session, and any session can be revoked individually without signing out your other devices. On your device, biometric unlock (Face ID, Touch ID, fingerprint) and an optional passcode lock gate access to the app.
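To make the token lifetimes, rotation and per-session revocation concrete, here is an added example in Go. It is not Finaps's code (which is not public): a minimal in-memory authorization server that issues RS256 access tokens with a 15-minute "exp", gives each login its own session, stores only a hash of the session's current refresh token, rotates that token on every refresh, and treats a replayed, already-rotated refresh token as theft by revoking the whole session. The session store, the claim names ("sub", "sid", "exp") and the "sid.secret" refresh-token format are this example's own assumptions. Password hashing is left out because bcrypt is not in Go's standard library.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Lifetimes stated on the page: 15-minute access tokens, 30-day refresh tokens.
const accessTTL, refreshTTL = 15 * time.Minute, 30 * 24 * time.Hour
var errRefresh = errors.New("refresh token invalid, expired or revoked")

// session is one login; only SHA-256 of its current refresh token is stored.
type session struct {
	userID      string
	refreshHash [32]byte
	expires     time.Time
	revoked     bool
}

type AuthServer struct {
	key      *rsa.PrivateKey
	sessions map[string]*session // keyed by session ID, carried as the JWT "sid" claim
}

func NewAuthServer() *AuthServer {
	k, _ := rsa.GenerateKey(rand.Reader, 2048) // only fails if the OS RNG fails
	return &AuthServer{key: k, sessions: map[string]*session{}}
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func random32() string { // 256 bits from the OS CSPRNG
	b := make([]byte, 32)
	rand.Read(b) // crypto/rand.Read never returns an error (it crashes instead)
	return b64(b)
}

// issueAccess signs a compact RS256 JWT: b64(header).b64(claims).b64(signature).
func (a *AuthServer) issueAccess(userID, sid string, now time.Time) string {
	claims, _ := json.Marshal(map[string]any{"sub": userID, "sid": sid, "exp": now.Add(accessTTL).Unix()})
	input := b64([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64(claims)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, a.key, crypto.SHA256, digest[:]) // cannot fail for a valid key and digest
	return input + "." + b64(sig)
}

// issueRefresh mints an opaque "sid.secret" token and stores SHA-256(secret); each call rotates.
func (a *AuthServer) issueRefresh(s *session, sid string) string {
	secret := random32()
	s.refreshHash = sha256.Sum256([]byte(secret))
	return sid + "." + secret
}

// Login opens a new session; returns access token, refresh token and session ID.
func (a *AuthServer) Login(userID string, now time.Time) (string, string, string) {
	sid := random32()
	s := &session{userID: userID, expires: now.Add(refreshTTL)}
	a.sessions[sid] = s
	return a.issueAccess(userID, sid, now), a.issueRefresh(s, sid), sid
}

// Revoke ends one session ("sign out this device") without touching the others.
func (a *AuthServer) Revoke(sid string) {
	if s := a.sessions[sid]; s != nil {
		s.revoked = true
	}
}

// Refresh rotates the refresh token and issues a new access token. A token that was
// already rotated out is treated as stolen and replayed: the whole session is revoked.
func (a *AuthServer) Refresh(token string, now time.Time) (string, string, error) {
	sid, secret, _ := strings.Cut(token, ".")
	s := a.sessions[sid]
	if s == nil || s.revoked || now.After(s.expires) {
		return "", "", errRefresh
	}
	if sha256.Sum256([]byte(secret)) != s.refreshHash {
		a.Revoke(sid)
		return "", "", errRefresh
	}
	return a.issueAccess(s.userID, sid, now), a.issueRefresh(s, sid), nil
}

func main() {
	a, now := NewAuthServer(), time.Now()
	_, refresh, _ := a.Login("user-123", now)
	a.Refresh(refresh, now.Add(time.Minute))                // legitimate rotation
	_, _, err := a.Refresh(refresh, now.Add(2*time.Minute)) // replay of the old token
	fmt.Println("replay rejected, session revoked:", errors.Is(err, errRefresh))
}
```

The reuse check is what makes rotation worth doing: without it, a refresh token copied off a device keeps working for the full 30 days even after the legitimate client has refreshed. Revoking on reuse cuts off both the attacker and the victim, which forces a fresh login and surfaces the theft. The verifying side of the access token (not shown) must pin the algorithm to RS256 and the expected public key rather than honour the token's own "alg" header.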
Finaps is GDPR-compliant by design. You can export all your data at any time (Settings → Export Data). You can delete your account and all associated data (Settings → Account → Delete Account). We do not sell, share, or monetize your personal or financial data. Our data processing is limited to providing the service you signed up for.
Finaps runs on MongoDB Atlas (SOC 2 Type II audited) and uses Plaid for bank connections (also SOC 2 Type II): you enter your bank credentials in Plaid's own flow, and they are never stored on our side. The service sits behind Cloudflare for DDoS protection, and every API endpoint is rate-limited to prevent abuse such as automated login attempts.
Our support team typically responds within 24 hours (4 hours for Pro subscribers).
support@finaps.co