Finch is committed to protecting the data of our customers, employers, and employees. That's why we prioritize securing our products, policies, and practices right from the start.
Our infrastructure is designed to exceed industry standards to keep your and your customer's data safe.
Finch maintains a strong security culture by ensuring all employees have the training, tools, and knowledge to work securely. All employees are bound by Finch's internal policies and standards regarding the confidentiality of our customer data.
Security is engaged right at the start of the design process, using the Finch Secure Development Lifecycle, to ensure our products, policies, and practices exceed industry standards.
Finch utilizes best-in-class encryption protocols to keep your data safe. Our infrastructure enforces the use of TLS 1.2 to encrypt data in transit between your application and Finch. All data is encrypted at rest using AES 256 bit encryption.
Finch is hosted on industry-leading cloud infrastructure leveraging years of safety enhancements to ensure maximum performance, resilience, and speed of deployment.
Finch's infrastructure is continuously monitored using industry-leading intrusion detection systems. Our 24/7 on-call team ensures all alerts are immediately acted on so your data is secure.
Finch is SOC 2 and CCPA compliant. SOC 2 is an independent audit report which details information and assurance about Finch’s controls.
Finch’s API allows applications to access employer data with the consent of the employer.
We do not sell identifiable or anonymized employer and employee data.
No employer or employee data is shared with a third party without the explicit consent of the employer — employers are in full control of their data.
Finch prompts employers to review and grant consent to the specific data points an application requests access to.
Since day one, security and transparency have always been priorities at Finch. We are committed to protecting the data of our customers, employers, and employees. With our enterprise-level security practices and third-party audits, you can be confident about how your data is being stored, shared, and protected.