Keeping your data secure
Finch is committed to protecting the data of our customers, employers, and employees. That's why we prioritize securing our products, policies, and practices right from the start.
Your privacy is important to us. Learn more about our data practices in the Trust Center.
Secure by Design
Our infrastructure is designed to exceed industry standards to keep your and your customer's data safe.
We employ a secure workforce
Finch maintains a strong security culture by ensuring all employees have the training, tools, and knowledge to work securely. All employees are bound by Finch's internal policies and standards regarding the confidentiality of our customer data.
Our products are secure by design
Security is engaged right at the start of the design process, using the Finch Secure Development Lifecycle, to ensure our products, policies, and practices exceed industry standards.
Encryption protects your data when using Finch
Finch utilizes best-in-class encryption protocols to keep your data safe. Our infrastructure enforces the use of TLS 1.2 to encrypt data in transit between your application and Finch. All data is encrypted at rest using AES 256 bit encryption.
We are built on secure cloud infrastructure
Finch is hosted on industry-leading cloud infrastructure leveraging years of safety enhancements to ensure maximum performance, resilience, and speed of deployment.
Continuous monitoring protects your data
Finch's infrastructure is continuously monitored using industry-leading intrusion detection systems. Our 24/7 on-call team ensures all alerts are immediately acted on so your data is secure.
Global data and security compliance
Finch is SOC 2 and CCPA compliant. SOC 2 is an independent audit report which details information and assurance about Finch’s controls.
Employer-centric
Finch’s API allows applications to access employer data with the consent of the employer.
We do not sell identifiable or anonymized employer and employee data.
Employer-owned data
No employer or employee data is shared with a third party without the explicit consent of the employer — employers are in full control of their data.
Explicit consent and permissioning
Finch prompts employers to review and grant consent to the specific data points an application requests access to.
Security at Finch
Since day one, security and transparency have always been priorities at Finch. We are committed to protecting the data of our customers, employers, and employees. With our enterprise-level security practices and third-party audits, you can be confident about how your data is being stored, shared, and protected.
