How we protect your data and maintain trust.
Your invoice data never leaves your browser. All processing happens locally on your device. We cannot see your data even if we wanted to.
When you upload an invoice to Finault's analyzer:
| Layer | Standard | Status |
|---|---|---|
| In Transit | TLS 1.3 | Active |
| At Rest | AES-256 (when applicable) | Active |
| Gateway Traffic | TLS 1.3 + Certificate Pinning | Active |
For customers using the Finault Gateway (real-time proxy):
| Feature | Description |
|---|---|
| API Key Management | Your provider API keys are encrypted and never logged |
| Request Logging | Metadata only by default; prompt logging is opt-in |
| Data Retention | Configurable: 30, 90, or 365 days |
| Access Controls | Role-based access with audit logging |
| Certification | Status | Timeline |
|---|---|---|
| SOC 2 Type I | Planned | Q3 2026 |
| SOC 2 Type II | Planned | Q1 2027 |
| GDPR Compliance | Active | Current |
| CCPA Compliance | Active | Current |
Finault provides documentation and audit trails to support your compliance programs. We do not claim to be a certification body. Please consult your legal and compliance teams for specific requirements.
| Component | Provider | Location |
|---|---|---|
| Website | Vercel | Global CDN |
| Gateway API | Railway | US-West |
| Database | Supabase (PostgreSQL) | US-East |
We take security seriously. If you discover a vulnerability, please report it responsibly:
Email: security@finault.ai
Response Time: We aim to respond within 24 hours and provide a fix timeline within 72 hours.
For security-related questions or to request a security review document, contact us at security@finault.ai.
For general support, visit our Support page.