Security & Compliance

Privacy by Design

  1. End-to-End Encryption

All sensitive financial data — from expense logs to income records — is encrypted in transit and at rest using AES-256 encryption, the same standard used by global banks and government agencies. No data is ever exposed in plain text.

  2. Zero PII On-Chain

Finu never stores Personally Identifiable Information (PII) on the blockchain. Wallets are auto-generated and pseudonymous, ensuring that on-chain activity cannot be tied back to individual users through Finu.

  3. Cloud Security & Infrastructure Resilience

  • Hosted on secure cloud platforms (e.g., AWS) with auto-scaling, DDoS protection, and routine penetration testing

  • Data backups conducted daily with redundancy across geographic regions

  • Role-based access controls for internal staff to minimize the internal attack surface

Regulatory Compliance: Trust Built into the Core

  1. GDPR Compliant

Finu is fully aligned with the General Data Protection Regulation (GDPR), ensuring:

  • User data portability

  • Full control over account deletion and history

  • Explicit consent for any data processing or analytics

  2. SOC 2 (Type I and II) Aligned

Finu follows SOC 2 controls covering:

  • Security

  • Availability

  • Confidentiality

  • Processing integrity

These principles guide internal development practices, access logging, and platform updates.

  3. Future-Proofed for Global Expansion

As Finu enters international markets, its infrastructure is designed to adapt to local data regulations including:

  • CCPA (California Consumer Privacy Act)

  • UK GDPR

  • FADP (Switzerland)

  • Potential MiCA (Markets in Crypto-Assets Regulation) alignment in the EU

Web3 Security: Trustless, Auditable, Verifiable

  1. Smart Contract Audits

All core smart contracts undergo third-party audits, with the first comprehensive audit scheduled with Certik for Q4 2025. The audit scope includes:

  • Reward distribution logic

  • Staking contracts

  • Governance modules

  • Token handling and wallet interactions

Post-audit results will be publicly accessible and open to community review, ensuring transparency and accountability.

  2. Non-Custodial Wallet Architecture

Finu uses non-custodial wallets for every user — eliminating centralized asset custody risks. Users retain control of private keys or can opt for biometric/secure device wallets (via WalletConnect) without exposing seed phrases.

Financial Data Integrations: Bank-Level Security

  1. Plaid Integration

Bank connections and financial syncs are powered by Plaid, a trusted provider used by apps like Robinhood, Venmo, and Coinbase. Plaid provides:

  • Secure tokenized access to 12,000+ financial institutions

  • 99.99% uptime

  • Read-only permissions (Finu cannot move or alter funds)

No bank login credentials are stored on Finu’s servers at any point.

  2. User Protection Layer

  • 2FA + Biometric Login for sensitive actions

  • Session timeout + device activity monitoring

  • Anomaly detection algorithms flag suspicious behavior for internal audit

  • User alerts for key financial events or attempted access

  • Bug bounty program to identify vulnerabilities post-launch
