At Fyno, data security is non-negotiable. We’ve taken utmost care to set and adhere to security gold standards.
We encrypt and store integration details such as API keys for Twilio, Kaleyra, etc.
We store placeholders and payload data as a one-way hash using the SHA-256 algorithm, so that the data is not accessible to anyone at Fyno. We also mask destination data such as email addresses and phone numbers in our UI.
Any customer can turn on the above 2 features from their workspace settings. Fyno will never bypass these parameters, which means that you’ll always have control over access. Fyno also offers data deletion / truncation at agreed time intervals to support customers’ specific compliance requirements.
All stored data, session cookies, and backups are encrypted at rest. Database fields storing credentials are also encrypted for additional security. No humans, Fyno’s staff included, can ever view your passwords.
All communication between customer systems and Fyno takes place using high levels of encryption (TLS 1.2/HTTPS).
Fyno integrates with your SSO/MFA solution to provide a seamless login experience via SAML 2.0. User authentication can take place without the need to manage yet another account/password combination.
Fyno administrators can set user roles according to the principle of least privilege. Users only see what they need in order to perform their jobs.
Fyno partners with external penetration testing vendors to conduct annual tests. Medium and higher severity findings are remediated, with reports available upon request and under NDA.
We scan our own systems regularly to identify common vulnerabilities. Servers are patched automatically on a regular schedule, with critical and high severity patches applied with the highest priority.
Fyno runs backups daily, encrypted in transit and at rest, with regular tests. Backups reside "off-site" from our offices, on Amazon S3 servers that store files on multiple devices.
Fyno hosts customer data in AWS’s ap-south-1 (Mumbai) region. For more information about AWS data center capabilities and compliance, refer to AWS’s data center information page.
Fyno reviews and updates its Business Impact Analysis (BIA) and Business Continuity Plan (BCP) on an annual basis. Our team has developed a process to provide well-defined Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). Reports are available upon request and under NDA.
Fyno maintains ongoing documentation and verification of its incident response policy and procedures. We apply a 6-step approach including preparation, identification, containment, eradication, recovery, and lessons learned to ensure consistency and ongoing improvements to our response process.
We have an information security program in place, communicated throughout our organization. Our information security program follows the criteria set forth by SOC 2.
Fyno undergoes independent third-party assessments to test security controls. Reports are available upon request, under NDA.
Fyno team members go through regular security awareness training covering industry-standard practices and information security topics.
All new hires undergo a background check prior to starting their employment with Fyno.
Our InfoSec program follows a process of careful planning. Roles and responsibilities related to customer data protection are well-defined and documented.