Security statement

Last updated: March 2024

We take the security of our customers' data seriously and align ourselves with industry-leading approaches to securing that data.

Data security

Our servers are protected by high-end firewall systems and scans are performed regularly to make sure that any vulnerabilities are quickly found and patched. We restrict IP access for databases and all development resources.

Access to systems is restricted to specific individuals who have a 'need to know' for such information and who are bound by confidentiality obligations. Access is monitored and audited for compliance.

All network traffic is encrypted using industry-standard TLS/SSL (Transport Layer Security) to protect customers' data. We also encrypt data at rest when stored on our servers using industry best practice such as SHA-2 and AES-256 put in place by Amazon Web Services (AWS).

Our services are hosted in the UK by trusted data centres that are ISO 27001, SOC and PCI DSS Level 1 compliant.

We use enterprise-grade hosting facilities provisioned, managed and controlled by AWS. The controls include 24/7/365 monitoring and surveillance, on-site security staff and regular ongoing security audits.

flinder has read-only access to your cloud applications and protects your privacy with 2FA (two-factor authentication) and time-limited tokens.

Cyber security

Our application employs state-of-the-art security measures, including end-to-end encryption, regular security audits, and compliance with the UK’s Data Protection Act 2018 and GDPR guidelines.

We are dedicated to safeguarding our users' information against cyber threats through implementing best practices in cybersecurity. Our team is committed to maintaining the highest standards of security, providing our users with a safe, reliable, and secure experience.

The entire business goes through annual cyber security training to further enhance our resilience.

Penetration testing

Application vulnerability scanning is performed continuously using Snyk. Vulnerability testing results are reported as red, amber or green depending on the severity of the issue identified. We assess the impact of these issues and remediate accordingly.

Data retention

We back up our App daily using an AWS server; this includes a snapshot of operational and financial data. We retain these back-ups for seven days and only access them to restore services at a customer's request.

Privacy and GDPR

We will only ever use data for the purpose for which it is intended, and keeping that data secure is of the utmost importance to us. We will only use and process personal data received under instruction from our customers, use this data as intended and delete it when it's no longer needed.

For information concerning your personal data, how we collect, process and retain it, please see our Privacy policy.

Software and components

Our software is predominantly written in Python and React. Our infrastructure consists of multiple applications and services as shown in the table below.

Component Description
Hosting systems
  • AWS EC2 environment
  • Ubuntu
Databases and Storage
  • PostgreSQL
  • Amazon S3
Network infrastructure
  • Firewalls
  • Reverse proxy server
Monitoring systems
  • AWS security patch automation
Key management
  • AWS KMS