##### Security & TOMs (+ vulnerability disclosure)
**Last updated:** October 1, 2025
At FintechGraphs, we apply layered security controls appropriate for a B2B analytics/info service.
###### Technical & Organizational Measures (TOMs)
- **Network & Transport Security:** TLS for data in transit; Cloudflare CDN/WAF/DDoS protection; HSTS; minimal public surface.
- **Encryption:** Data in transit via TLS; at-rest encryption on provider infrastructure where supported.
- **Access Control:** Role-based access; least privilege; MFA for admin accounts; unique credentials; session timeouts.
- **Logging & Monitoring:** Security and access logs; anomaly detection via provider tooling; time-bound log retention.
- **Secure Development:** Dependency management; code reviews for sensitive changes; secrets management; environment separation.
- **Backups & Continuity:** Provider-level redundancy; periodic backups for critical data; tested restore procedures.
- **Vendor & Sub-processor Management:** DPAs/SCCs in place; periodic review of vendor security posture.
- **Data Minimization & Retention:** Collect only what’s needed; retention aligned to our Privacy Policy; deletion upon request or end of contract.
- **Incident Response:** Triage within **24h** of discovery; notify affected customers **without undue delay** where legally required; post-incident review.
###### Vulnerability Disclosure Policy
- **Scope:** *.fintechgraphs.com and associated services we operate.
- **How to report:** Email [email protected] with steps to reproduce and impact.
- **Safe-harbor:** If you follow this policy, do not access data beyond what’s necessary to prove the issue, and give us reasonable time to fix, we will not pursue legal action related to your good-faith research.
- **No monetary bug bounties** at this time; we may acknowledge contributors on request.