Security
How we protect your financial data.
Encryption
256-bit AES encryption at rest. TLS 1.3 in transit. All database connections encrypted.
OWASP Compliance
Protection against SQL injection, XSS, CSRF, and all OWASP Top 10 vulnerabilities.
India-Only Storage
All data stored in Mumbai (ap-south-1). No cross-border transfers without consent.
Infrastructure
Hosted on Vercel (edge network) + Supabase (PostgreSQL). SOC 2 Type II compliant providers.
Security Headers
- Content-Security-Policy (CSP) — restricts resource loading
- X-Content-Type-Options: nosniff
- X-Frame-Options: DENY
- Referrer-Policy: strict-origin-when-cross-origin
- Permissions-Policy: camera=(), microphone=()
Responsible Disclosure
If you discover a security vulnerability, please report it to security@finucity.com. We take all reports seriously and will respond within 48 hours.