Security and Privacy by Design


At Finicast, we have committed ourselves to the highest standards of security to deliver trust and assurance to customers.

We strive to continue improving our internal security controls and their effectiveness to give you confidence in our product.

Secure by Design

The core tenets of Finicast’s security program are to safeguard customer data and to maintain customer trust. Finicast has implemented layers of security throughout our organization. We’re passionate about defining new security controls and continuously refining our existing ones. Our security program is driven not only by compliance and regulatory requirements but also by industry best practices like SOC 2, ISO 27001, and HIPAA. We apply the principle of least privilege on access controls to ensure that employees are only given the level of access required for their job duties. Additionally, we utilize role-based access control to assign access privileges.

Future-proof
Our product team takes a forward-thinking approach to privacy and security with a framework for building a secure, reliable, and consumer-grade product. We don’t build anything new unless we are meeting the security and privacy standards we’ve laid out.

Privacy and Protections
The data you store in HubSpot products is yours—we put our security program in place to protect it, and use it only as permitted in our Customer Terms of Service and Privacy Policy. We never share your data across customers and never sell it.

Compliance Certificates

SOC 2 Type 2
Finicast is SOC 2 Type 2 compliant. SOC 2 is a reporting framework developed by the American Institute of CPAs (AICPA) to help service organizations, such as software vendors, demonstrate their security posture and service commitments to prospective and existing customers. Our platform meets the strict requirements for the security, availability, and confidentiality trust services categories. The SOC 2 Type 2 report is available to Finicast customers and prospects upon request.

Health Insurance Portability and Accountability Act (HIPAA)
The Finicast Platform supports HIPAA compliance with the Security and Breach Notification Rule in the role of a Business Associate. Finicast will enter into Business Associate Agreements with customers as necessary under HIPAA, but customers are ultimately responsible for evaluating their own services and products for HIPAA compliance.

ISO 27001
Finicast is ISO 27001 certified. ISO 27001 is a globally recognized standard for the establishment and certification of an information security management system (ISMS). The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented ISMS within the context of the organization’s overall business risks. It sets forth a risk-based approach that focuses on adequate and proportionate security controls that protect information assets and give confidence to interested parties.

Please feel free to contact us at security@finicast.com if you have any security or privacy-related questions, concerns, or comments.