Security & trust
Built with finance-grade rigor from day one.
Finance data is among the most sensitive a business handles. Fintant's security posture reflects that — access, audit, and data handling are first-class concerns, not afterthoughts.
Authentication & session
Short-lived JWT access tokens with rotating refresh tokens; OAuth via Google and LinkedIn; forced password reset on first internal login; bcrypt password hashing.
Role-based access control
Every protected endpoint checks a permission. Roles are category-scoped (client, partner, internal) and assignments are auditable.
Full audit trail
Every state-changing action — registration, login, user invites, role changes, data edits — is written to an immutable audit log queryable by authorised administrators.
Data handling
Sensitive documents are stored in AWS S3 with least-privilege access. Cross-border contracting and multi-currency payouts are designed in — not bolted on.
Responsible disclosure
Found something that looks wrong? We'd genuinely like to hear about it. Email security@fintant.ai with details, and we'll respond within two business days.
Need the enterprise security pack?
Due-diligence questionnaires, DPA, and architecture overview are available on request.