Data security

Building a security first communication infrastructure

At Fyno, data security is non-negotiable. We’ve taken utmost care to set and adhere to security gold standards.

security
We are fully compliant with all the applicable security guidelines

Server

For regulated companies in India (like financial services), we have dedicated instance of our software running on AWS servers, located in India. For non-Indian customers, our servers are located in USA & UK.

We also spin-off and manage dedicated server instances for customers with very high volume.

User data

Fyno acts as a middleware between you and your messaging / communication delivery platforms. In order to provide unified logs and analytics, Fyno securely stores your communication data. Further, in order to strengthen data security, we offer the following 2 features:
🔒 Encryption

We encrypt and store integration details like API key for Twilio, Kaleyra etc.

🔒 Masking & hashing

We store the placeholders and payload data using one way hash using SHA-256 algorithm, so that the data is not accessible to anyone in Fyno. Also, we mask destination data like Email, Phone no on our UI.

🔒 Our platform but your flexibility

Any customer can turn on the above 2 features from their workspace settings. Fyno will never bypass these parameters, which means that you’ll always have control over access.Fyno also offers data deletion / truncation at agreed time intervals to support customer’s specific compliance requirements.

Application security

Fyno conforms to leading security standards and best practices, so you don’t need to worry about sloppy systems or additional liability
🔗 Encryption at REST

All stored data, session cookies, and backups are encrypted at rest. Database fields storing credentials are also encrypted for additional security. No humans, Fyno’s staff included, can ever view your passwords.

🔗 Encryption in transit

All communication between customer systems and Fyno takes place using high levels of encryption (TLS 1.2/HTTPS).

🔗 SSO & MFA

Fyno integrates with your SSO/MFA solution to provide a seamless login experience via SAML 2.0. User authentication can take place without the need to manage yet another account/password combination.

🔗 Role based access controls

Fyno administrators can set user roles according to the principle of least privilege. Users only see what they need in order to perform their jobs.

🔗 Third party penetration testing

Fyno partners with external penetration testing vendors to conduct annual tests. Medium and higher severity findings are remediated, with reports available upon request and under NDA.

🔗 Vulnerability scanning

We scan our own systems regularly to identify common vulnerabilities. Servers are patched automatically on a regular schedule, with critical and high severity patches applied with the highest priority.

Reliability

We know your business operations are mission-critical — your company operations are in good hands with Fyno.
⚙️ Thorough backups

Fyno runs backups daily, encrypted in transit and at rest, with regular tests. Backups reside "off-site" from our offices, on Amazon S3 servers that store files on multiple devices.

⚙️ Data centers

Fyno hosts customer data in AWS’s ap-south-1 or AWS Mumbai region. For more information about AWS data center capabilities and compliance, refer to AWS’s data center information page.

⚙️ Recovery

Fyno reviews and updates its Business Impact Analysis (BIA) and Business Continuity Plan (BCP) on an annual basis. Our team has developed a process to provide well-defined Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). Reports are available upon request and under NDA.

⚙️ Incident handling

Fyno maintains ongoing documentation and verification of its incident response policy and procedures. We apply a 6-step approach including preparation, identification, containment, eradication, recovery, and lessons learned to ensure consistency and ongoing improvements to our response process.

Continuous monitoring

We take our security measures seriously with an 'always on' mindset & take active steps to avoid risk.
🔍 Information security program

We have an information security program in place, communicated throughout our organization. Our information security program follows the criteria set forth by SOC 2.

🔍 Third party audits

Fyno undergoes independent third-party assessments to test security controls. Reports are available upon request, under NDA.

🔍 Security awareness training

Fyno team members go through regular security awareness trainings covering industry standard practices and information security topics.

🔍 Background checks

All new hires undergo a background check prior to starting their employment with Fyno.                           

🔍 Roles & responsibilities

Our InfoSec program follows a process of careful planning. Roles and responsibilities related to customer data protection are well-defined and documented.