Security at SupportFinity
Protecting customer data is fundamental to our business. This page summarizes the practices and controls we use to keep your data secure. Detailed documentation is available to qualified parties under NDA.
Infrastructure
SupportFinity runs on Google Cloud Platform with workloads hosted in the United States. Production services are deployed on managed, containerized infrastructure with isolated environments for staging and production.
- Managed compute with automatic patching
- Private networking between application and data tiers
- Secrets stored in a managed key-management service, never in source code
Data protection
Customer data is encrypted in transit and at rest by default.
- TLS 1.2+ for all network traffic
- AES-256 encryption at rest for databases, caches, and backups
- Regular automated backups with documented restore procedures
Application security
Security is built into our development lifecycle, not bolted on afterwards.
- Google CASA-verified application security
- Mandatory peer code review for all production changes
- Static analysis and dependency vulnerability scanning in CI
- Separate staging environment for pre-production testing
Access control
Access to production systems and customer data follows the principle of least privilege.
- Single sign-on with multi-factor authentication for employee access
- Role-based access controls scoped to job function
- Audit logs for administrative actions, retained per policy
- Regular access reviews
People
Our team is screened, trained, and accountable for protecting customer data.
- Background checks for new hires where legally permitted
- Security awareness training at onboarding and annually
- Confidentiality and IP assignment agreements for all personnel
Incident response
We maintain a documented incident response process. In the event of a confirmed security incident affecting customer data, we notify impacted customers without undue delay and within timeframes required by applicable law.
Compliance and certifications
We design our controls to meet recognized industry standards.
- Google CASA verified
- GDPR and CCPA aligned
- Standard Contractual Clauses available for cross-border transfers
- Data Processing Agreement available on request
- SOC 2 Type II on our roadmap
Reporting a security concern
If you believe you have discovered a vulnerability or want to request our security documentation, contact our security team at info@supportfinity.com. We acknowledge reports within two business days.
