Data security & privacy

Security

We apply a best-practice, multi-layered approach to secure our platform and your business information.

Cloud infrastructure

Our selection of Google Cloud Platform (GCP) as our cloud provider offers several security benefits for our customers' data:

Physical Security: Google data centers implement industry-leading physical security measures, including restricted access, video surveillance, and advanced intrusion detection systems. These measures are rigorously audited and adhere to internationally recognized standards like ISO 27001 for physical security.

Data Encryption: Google Cloud utilizes transparent encryption by default, encrypting data at rest and in transit with industry-standard algorithms like AES-256. Additionally, Google Key Management Service (KMS) provides centralized control over encryption keys, adhering to best practices for key rotation and access control.

Compliance: Google Cloud undergoes rigorous independent audits to ensure compliance with various industry standards and regulations, including ISO 27001, SOC 2, HIPAA, and PCI DSS. This independent verification provides additional assurance to our customers regarding the security posture of Google's cloud infrastructure.

Customer Identity and Access Management (IAM): Google Cloud IAM provides granular access controls to resources, ensuring adherence to the principle of least privilege. Customers can define roles and permissions based on their specific needs, aligning with Google's Identity and Access Management Policy.

Network Security: Google's private network offers a secure path for your data, protected by Google's physical and operational security measures.

Files and database encryption

All customer data, encompassing both files and databases, is encrypted at rest and in transit using robust encryption algorithms.

External Key Management. To ensure maximum control and data sovereignty, we leverage External Key Management (EKM). This means the encryption keys used to protect your data reside in a separate, secure system that you control, not within our cloud provider's infrastructure. This approach safeguards against unauthorized access, even by legal mandates from certain jurisdictions.

Benefits:

  • Enhanced Data Security: Encryption renders your data unreadable without the decryption keys, significantly bolstering its protection against unauthorized access or breaches.
  • Data Sovereignty: Since you control the encryption keys, your data remains subject to your control and regulatory requirements, even if located in geographically distinct data centers.
  • Privacy Protection: External Key Management safeguards your data against potential forced disclosure, ensuring it remains under your control.

Backups

We prioritize data security and uptime through a robust backup and disaster recovery strategy.

  • Cloud File Storage: We leverage geographically distributed, redundant cloud storage to ensure your data is automatically replicated across multiple data centers. This minimizes the risk of data loss due to hardware failure or regional outages.
  • Continuous Database Backups: We employ a continuous database backup process, capturing changes in real-time. This ensures minimal data loss in the event of a system failure and enables us to quickly restore your data to the most recent state.
  • Secure Backup Storage: We securely store backups in geographically separate data centers, further mitigating the impact of unforeseen events like natural disasters or localized disruptions.
  • Disaster Recovery Plan: We maintain a comprehensive disaster recovery plan that outlines procedures for rapid restoration of our platform and your data in case of a major incident.

Software stack

We prioritize a secure development lifecycle by utilizing open-source software stacks. This approach empowers us to:

  • Stay Ahead of Threats: Open-source software benefits from the collective expertise of a vast developer community. Constant scrutiny by developers helps identify and address vulnerabilities quickly, keeping our platform protected against emerging threats.
  • Transparent Security: The open nature of the code allows for independent security audits and verification. This transparency fosters trust and confidence in the security posture of our platform.
  • Integrate Best Practices: Open-source security libraries and frameworks readily address common security concerns like Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection, Clickjacking, Host Header Validation, and Session Security. These integrated solutions streamline development while reinforcing a robust security posture.

Security testing

To demonstrate a high level of security, we commit to performing an external third-party penetration test at least once per year.

These tests are performed by independent, ethical hacking experts who simulate real-world attack scenarios. This proactive approach helps us identify and address vulnerabilities before they can be exploited by malicious actors.

Privacy

Data residency

Enhanced Data Control and Regulatory Compliance for European Customers.

  • Data Residency in France: We prioritize the security and sovereignty of your data by storing it exclusively in data centers located within France. This geographical restriction aligns with strict European data privacy regulations, such as GDPR, ensuring your data remains subject to your control and regulatory requirements.
  • External Key Encryption: For an extra layer of security and control, we leverage External Key Management (EKM). This means the encryption keys used to protect your data reside in a separate, secure system that you control, not within our data centers. Even with data stored in France, EKM empowers you to maintain complete governance over your data.

GDPR compliance

FINGREEN AI is firmly committed to protecting your data privacy and complying with the General Data Protection Regulation (GDPR). We understand that you have control over your personal information, and we empower you to exercise your rights under GDPR.

More details at https://fingreen.ai/privacy

You can contact our Data Protection Officer (DPO) at privacy@fingreen.ai, in order to exercise these rights.

Access control & governance

Our platform empowers you to manage data access with exceptional granularity. You can define distinct access rights for individual users within the portal, ensuring only authorized personnel have access to specific data sets. This granular control minimizes the risk of unauthorized access and data breaches, fostering a more secure environment for your valuable information.

AI & LLMs

FINGREEN AI uses cloud-provided LLM services. To protect our customers' data privacy throughout the use of third-party LLMs, we follow these practices.

Model and Access Controls:

  • Our cloud providers have strong LLM privacy practices. We do not use providers that train their models using customer-provided data. This ensures that customer data will not “leak” into public LLM responses.
  • We implement access controls to restrict who can view the outputs generated by the LLM. This ensures only authorized personnel see potentially sensitive information.

Monitoring and Auditing:

  • We track how your data is being used within the LLM. This helps identify any potential privacy risks or misuse of your data.
  • We conduct regular audits of our cloud provider's LLM security practices to ensure they are adhering to your data privacy requirements.