Security & Data Protection

Learn how Finthy protects your financial data with bank-level security, encryption, and industry-standard protocols across Mexico, Chile, and Brazil.

Our Security Commitment

At Finthy, security isn’t an afterthought—it’s the foundation of everything we do. We understand that you’re trusting us with your most sensitive financial information, and we take that responsibility seriously.

Bank-Level Security Standards

End-to-End Encryption

  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Zero-knowledge architecture - we can’t see your banking credentials
  • Encrypted API communications with all financial institution partners

Secure Banking Connections

  • No credential storage - your banking passwords are never saved
  • Read-only access to account information
  • OAuth 2.0 and Open Banking standards where available
  • Multi-factor authentication support for enhanced protection

Regional Security Compliance

Mexico

  • CNBV (National Banking and Securities Commission) compliant
  • Secure Chrome Extension with isolated data processing
  • PCI DSS Level 1 certified infrastructure
  • SOC 2 Type II audited security controls

Chile

  • SBIF/CMF (Financial Market Commission) regulatory alignment
  • Open Finance API integration with certified security protocols
  • Local data residency options for Chilean customers
  • ISO 27001 certified data centers

Brazil

  • Banco Central do Brasil Open Banking compliance
  • LGPD (Lei Geral de Proteção de Dados) fully compliant
  • Open Finance security framework with bank-grade protection
  • Regular penetration testing and security audits

Data Protection Principles

Privacy by Design

  • Minimal data collection - we only gather what’s necessary
  • Purpose limitation - data used only for stated purposes
  • Data minimization - automatic deletion of unnecessary information
  • User control - you own your data and can delete it anytime

Access Controls

  • Role-based permissions for internal team access
  • Multi-factor authentication for all administrative functions
  • Regular access reviews and principle of least privilege
  • Audit logs for all data access and modifications

Infrastructure Security

Cloud Security

  • AWS/Google Cloud enterprise-grade infrastructure
  • Geographic data replication for disaster recovery
  • Automated security monitoring and threat detection
  • Regular security updates and vulnerability patching

Application Security

  • Secure development lifecycle (SDLC) practices
  • Regular security code reviews and static analysis
  • Dynamic application security testing (DAST)
  • Bug bounty program for continuous security improvement

Third-Party Integrations

Financial Data Providers

  • Open Finance (Brazil) - SOC 2 Type II certified
  • Open Finance (Chile) - Bank-certified Open Banking provider
  • Custom integrations (Mexico) - Direct bank API connections
  • Regular security assessments of all partners

Security Certifications

  • ISO 27001 Information Security Management
  • SOC 2 Type II Security, Availability, and Confidentiality
  • PCI DSS Payment Card Industry Data Security Standard
  • AICPA Trust Services Criteria compliance

Incident Response

24/7 Monitoring

  • Real-time threat detection and automated responses
  • Security Operations Center (SOC) monitoring
  • Incident response team with defined escalation procedures
  • Customer notification protocols for any security events

Transparency

  • Regular security updates to our community
  • Clear communication during any security incidents
  • Post-incident reports with lessons learned and improvements
  • Open security practices documentation

Your Security Responsibilities

Account Protection

  • Use strong, unique passwords for your Finthy account
  • Enable two-factor authentication when available
  • Keep your devices updated with the latest security patches
  • Log out from shared or public devices

Stay Informed

  • Review account activity regularly in the dashboard
  • Report suspicious activity immediately to our support team
  • Keep your contact information updated for security notifications
  • Follow our security blog for the latest protection tips

Security Resources

For Users

For Developers

  • API Security Documentation - Secure integration guidelines
  • Webhook Security - Proper signature verification methods
  • Rate Limiting - API usage limits and best practices

Contact Our Security Team

If you have security concerns or want to report a vulnerability:


Last updated: August 30, 2025

We continuously update our security measures to stay ahead of emerging threats. This page reflects our current security practices and will be updated as we enhance our protection measures.
