Last updated: August 2022
We take the security of our customers' data seriously and align ourselves with industry leading approaches to securing that data.
Our servers are protected by high-end firewall systems and scans are performed regularly to make sure that any vulnerabilities are quickly found and patched. We restrict IP access for databases and all development resources.
Access to systems is restricted to specific individuals who have a 'need to know' for such information and who are bound by confidentiality obligations. Access is monitored and audited for compliance.
All network traffic is encrypted using industry-standard TLS/SSL (Transport Layer Security) to protect customers' data. We also encrypt data at rest when stored on our servers using industry best practice such as SHA-2 and AES-256, put in place by Amazon Web Services (AWS).
Our services are hosted in the UK by trusted data centres that are ISO27001, SOC and PCI DSS Level 1 compliant.
We use enterprise grade hosting facilities provisioned, managed and controlled by AWS. The controls include 24/7/365 monitoring and surveillance, on-site security staff and regular ongoing security audits.
flinder has read-only access to your cloud applications and protects your privacy with 2FA (two-factor authentication) and time-limited tokens.
We hold a Cyber Essentials certification, helping us to guard against the most common cyber threats and demonstrate our commitment to cyber security.
The entire business goes through annual cyber security training to further enhance our resilience.
Application penetration tests are performed continuously using AppCheck. Penetration testing results are reported as red, amber or green depending on the severity of the issue identified. We assess the impact of these issues and remediate accordingly.
We back up our App daily using an AWS server; this includes a snapshot of operational and financial data. We retain these back-ups for seven days and only access them to restore services at a customer's request.
Privacy and GDPR
We will only ever use data for the purpose for which it is intended, and keeping that data secure is of the utmost importance to us. We will only use and process personal data received under instruction from our customers, use this data as intended and delete it when it's no longer needed.
Software and components
Our software is predominantly written in Python and React. Our infrastructure consists of multiple applications and services as shown in the table below.
|Databases and Storage||