
Security

Last Updated: February 1, 2026

At Termfi, security is foundational to everything we do. We understand that our customers trust us with sensitive financial documents and data. This page outlines our commitment to protecting that information.

Infrastructure Security

Cloud Hosting

Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 Type II certification. Data centers maintain physical security controls including biometric access, 24/7 surveillance, and environmental protections.

Network Security

  • Web Application Firewall (WAF) protection
  • DDoS mitigation
  • Intrusion detection and prevention systems
  • Regular vulnerability scanning

Data Protection

Encryption

  • In Transit: All data transmitted to and from Termfi is encrypted using TLS 1.2 or higher
  • At Rest: Data is encrypted using AES-256
  • Key Management: Encryption keys are managed through secure key management services

Data Isolation

Customer data is logically separated and isolated. Each customer's data is accessible only to authorized users within that organization.

Backup and Recovery

We maintain regular automated backups with point-in-time recovery capabilities. Backups are encrypted and stored in geographically separate locations.

Application Security

Secure Development

  • Security-focused code reviews
  • Static and dynamic application security testing (SAST/DAST)
  • Dependency vulnerability monitoring
  • Regular penetration testing by third parties

Authentication

  • Strong password requirements
  • Multi-factor authentication (MFA) support
  • Session management and automatic timeout
  • SSO integration capabilities (SAML 2.0, OAuth)

Access Controls

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Audit logging of all access and changes

Operational Security

Monitoring

We maintain 24/7 monitoring of our systems with automated alerting for security events and anomalies.

Incident Response

We have a documented incident response plan that includes identification, containment, eradication, recovery, and post-incident analysis. Customers are notified of security incidents that affect their data in accordance with applicable regulations.

Employee Security

  • Background checks for all employees
  • Security awareness training
  • Access provisioned on a need-to-know basis
  • Secure remote work policies

Compliance

Termfi is committed to meeting industry security standards and regulatory requirements:

  • SOC 2 Type II (in progress)
  • GDPR compliance
  • CCPA compliance

Vendor Security

We carefully evaluate third-party vendors and service providers for their security practices. Vendors with access to customer data must meet our security requirements and are bound by data protection agreements.

Security Assessments

We welcome security questionnaires and assessments from customers. For enterprise customers, we can provide additional security documentation and participate in vendor security reviews.

Responsible Disclosure

If you discover a security vulnerability, we encourage you to report it to us responsibly. Please email security@gettermfi.com with details of the vulnerability. We commit to:

  • Acknowledging receipt within 24 hours
  • Providing regular updates on our investigation
  • Not pursuing legal action against good-faith security researchers

Contact

For security inquiries or to request additional security documentation:

Email: security@gettermfi.com


© 2026 Termfi. All rights reserved.