Security

Last Updated: September 14, 2017

Password and Encryption

User login passwords are salted, hashed and one-way encrypted using a strong algorithm. There is no way to decrypt those passwords. In case of a lost or forgotten password, resetting the password is the only way to recover access to the user account.

No passwords are stored for user accounts that use Google SSO to log in to Fusionmint. Responsibility for securing credentials for those accounts lies solely with Google.

User Data Access

All data communication between user browsers and servers is encrypted using the latest SSL encryption standards. There is no other, unsecured way to communicate with the servers.

Business Data Security

As a business owner (and administrator), you are responsible for securing access to your data. We provide security and access control mechanisms for you to restrict data access to users with different access profiles. All data access is explicit: unless the administrator specifically gives a user access, that user has no visibility into your data and no ability to perform any action on it.

As a service provider, we do not have access to your data. If you need our support in troubleshooting or help in configuring your system, you need to explicitly give our support team access to your data. After support is complete, you should remove our support team's access.

Data Centre Security and Access

We use DigitalOcean, one of the leading names in cloud computing services, as our main cloud infrastructure provider. They have a highly secured infrastructure and multi-level security mechanisms in place to secure the servers that house your data. Further details on their security are available at https://www.digitalocean.com/security

For our file storage services, we use Amazon Web Services (AWS) Simple Storage Service (S3), another leading name in cloud computing services. For more details about their security, please read the AWS Security Whitepaper.

Access to the DigitalOcean and Amazon Web Services cloud infrastructure is limited to only certain employees in our organization. They are required to follow the highest level of security measures and undergo regular auditing to ensure that they follow industry-standard security practices.

Our servers are secured at multiple levels, and data communication is regulated and allowed only the bare minimum access needed for services to run without any disruption.

Payments

We do not store any of the credit card information needed to process billing and payments for your account. We use 2Checkout for all billing, and they are PCI Level 1 certified. You can find more details on their security measures at https://www.2checkout.com/fraud-protection

Reporting Security Issues & Threats

If you have found a security vulnerability that impacts Fusionmint users, please report it immediately to our security team at support@fusionmint.com with all relevant details. We will promptly investigate it and may contact you for more details to understand and replicate the vulnerability.

We request that you, as a responsible netizen, not disclose the security vulnerability publicly unless it has been resolved by us and communicated to all our affected customers for preventive action. Handling of data security is our topmost priority, and your support in this regard is important to us.

Data Breach Notification

We monitor our systems 24x7 for any suspicious activities or attacks. In the event of a suspected data breach, whether noticed by us or communicated to us by a third party, our first priority is to convene a fact-finding investigation team to determine whether a data breach or compromise has occurred and, on confirmation, to take preventive measures to stop unauthorized access immediately by securing our systems.

The investigation team's responsibilities include assessing the extent and impact of the breach, preserving all evidence related to the breach for future analysis, and documenting all steps of the breach investigation.

Based on the nature of the breach, affected customers are notified by email within 30 days of discovery of a data breach. The notification would include:

  • Description of the incident in general terms and a timeline of the data breach.
  • Description of the type of personal information that was subject to possible unauthorized access and acquisition.
  • Details on actions taken by our team to protect the personal information from further unauthorized access.

Contacting us

For any further queries related to data security, please contact our legal team at support@fusionmint.com.