November 13, 2023
When you work with financial data, everyone expects you to take real, legitimate care to keep it safe. Unfortunately, the fintech industry often lags behind the broader tech sphere when it comes to transparency, replacing old technologies, and embracing innovations that make it easier to secure systems. Disturbingly, we’ve seen a number of newer fintech companies flout security and regulatory commitments and generally fail to treat sensitive data with the care & respect it deserves.
When you work with us, we follow a number of core principles that help keep your data safe & your end users happy:
When you use our systems to process data, we make sure as much as possible is fully automated and driven by your staff. There’s no emailing CSVs around, uploading data to an outdated FTP server, or sending large packages of sensitive info to a CSM. This helps limit the risk of human error, carelessness, or misjudgment.
We accept data in two ways: over our API via encrypted connections, or through a CSV upload process right inside your account. If you do choose to upload CSVs, we put you in the driver’s seat by giving you direct access to the tools to correct faulty data, match data to our internal classifications, and monitor the status & success rates of any actions triggered by the import. While we’re always ready to help out over at our support channels, we’ve set up our systems to make sure we don’t have to work directly with your data to make the system work.
We’re upfront and honest about what we offer. We’ve given you detailed information about our security commitments over at our security hub, including whitepapers, summaries of our core practices, and a real-time view into 50+ controls from our compliance monitoring system. If you prefer more formality, our System Description in our SOC 2 report includes 15 pages (vetted annually by auditors) describing security commitments that we continuously uphold, and we make additional security commitments to our customers processing European resident data in a dedicated Data Protection Agreement (DPA) that makes sure we follow critical GDPR requirements.
We don’t think you should trust companies who are cagey or unclear about their security capabilities, who don’t prioritize handling your questions, or who haven’t taken the time to demonstrate what they can deliver before learning what you care about - security is a business of verification & assurance, not just trust!
We’ve done the prep work to make sure we can get through your internal approval processes without extra fuss. To help make things easy for everyone, we have:
When we release changes to our system, we take extra care to make sure our development practices are rock solid, that we minimize foreseeable problems, and that we’re just as careful in securing our codebase as we are with our servers & laptops. Every time we make a change to the production system, we do each of the following:
Don’t settle for partners that follow checklists designed to secure corporate infrastructure but fail to secure the actual product they’re releasing. With the advent of developer-focused AI tools, it’s especially important for companies to have extra checks and balances over their codebase and to make sure that any outsourced development is well supervised.
We’re a tech company with a tightly knit feedback loop between our security team, our engineering staff, and our customer-facing contact points. We follow best practices on authentication and encryption, rely on trustworthy partners like AWS, and take advantage of the strong security features offered by modern technology. We look for and patch security holes in our system, and use several layers of third party tools and outside partners to make sure we’re not fooling ourselves about the state of our platform. If we hear from our partners that we’re not addressing a risk or concern, or that our customer agreements cause headaches for their compliance team, we’re quick to review & act on it. While we’re not infallible, we take the essentials seriously and have a track record of executing well against them.
We hope this helps you get to know our security priorities & learn a bit more about our team. If you want to dig in deeper, head on over to our security hub, take a look at the trust report from our compliance monitoring system, or check out more info on how we handle personal information, including for those in California. If you want to see the system in action, go ahead and book a demo right from our homepage.
When you partner with Abound, you’re buying our services, but you’re getting our security assurances for free:
If you need to get in touch with our security staff, you can always contact us at security@withabound.com, or reach out to any sales, support, or account representatives with your questions - we’ll make sure they end up in the right place.