Privacy Policy


FIN Compliance – Privacy/Cyber Policy

Protecting your private information is our priority. This Statement of Privacy applies to the FINCompliance.io website (“FINCompliance.io”) and governs its data collection and usage. For the purposes of this Privacy Policy, unless otherwise noted, all references to FINCompliance.io refer to the FINCompliance.io website. By using the FINCompliance.io website, you consent to the data practices described in this statement.



Collection of your Personal Information

FINCompliance.io may collect personally identifiable information, such as your name, when you opt into our subscription database. When you click on a link, you may be routed to one of our affiliated sites, which may also gather personal or non-personal information regarding your visit and/or purchase.

Information about your computer hardware and software may be automatically collected by FINCompliance.io. This information can include your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the FINCompliance.io website.

FINCompliance.io encourages you to review the privacy statements of websites you choose to link to from FINCompliance.io so that you can understand how those websites collect, use and share your information. FINCompliance.io is not responsible for the privacy statements or other content on websites outside of the FINCompliance.io website.


Use of your Personal Information

FINCompliance.io may collect and use your personal information to operate its website(s) and deliver the services you have requested.

FINCompliance.io may also use your personally identifiable information to inform you of other products or services available from FINCompliance.io and its affiliates. FINCompliance.io may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.

FINCompliance.io does not sell, rent or lease its customer lists to third parties. 

Our affiliated sites may gather personal or non-personal information upon your visit to their website and/or purchase.

FINCompliance.io may share data with trusted affiliates to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to FINCompliance.io, and they are required to maintain the confidentiality of your information.

FINCompliance.io will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on FINCompliance.io or the site; (b) protect and defend the rights or property of FINCompliance.io; and (c) act under exigent circumstances to protect the personal safety of users of FINCompliance.io, or the public.


Security of your Personal Information

FINCompliance.io secures your personal information from unauthorized access, use or disclosure. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.


Children Under Thirteen

FINCompliance.io does not knowingly collect personally identifiable information from children under the age of thirteen. If you are under the age of thirteen, you must ask your parent or guardian for permission to use this website.


Opt-Out & Unsubscribe

We respect your privacy and give you an opportunity to opt-out of receiving announcements of certain information. Users may opt-out of receiving any or all communications from FINCompliance.io by contacting us here:


Changes to this Statement

FINCompliance.io will occasionally update this Statement of Privacy to reflect company and customer feedback. FINCompliance.io encourages you to periodically review this Statement to be informed of how FINCompliance.io is protecting your information.


Contact Information

FINCompliance.io welcomes your questions or comments regarding this Statement of Privacy.


GDPR Privacy Policy Disclosure/EU Residents Rights
Our data is used in connection with services provided for your firm. You can choose to opt out of receiving future notifications at any time. We have provided a copy of our privacy notices below.


Cybersecurity Policies/Due Diligence

For: Third Party Vendors/Overview

As a cloud service provider, we maintain protocols to provide a level of cybersecurity to your firm and practice. In addition to your internal safeguards, we aim to improve the functionality of your electronic recordkeeping and to support your vendor due diligence needs.


Acceptable Encryption Policy 

The Acceptable Encryption Policy provides guidance on, and limits to, the use of specific encryption algorithms. It also helps ensure compliance with federal, state and international regulations.


We follow industry-standard encryption practices for uploaded documents that contain Personally Identifiable Information (PII).

We recommend using a second authentication factor (password protection at a minimum) for any documents that contain a client’s personally identifiable information (“PII”).

PII can include credit card numbers, Social Security numbers, financial records, etc.


Google Cloud Security Overview

We use a Google Cloud backend.

Google maintains the following security certifications:

SOC1™ (SSAE-16/ISAE-3402) - G Suite, Google Compute Engine, Google Cloud Storage, Google App Engine

SOC2™ - G Suite, Google Compute Engine, Google Cloud Storage, Google App Engine

SOC3™ - G Suite, Google Compute Engine, Google Cloud Storage, Google App Engine

ISO 27001 - G Suite and Google Cloud Platform

ISO 27017 - G Suite and Google Cloud Platform

ISO 27018 - G Suite and Google Cloud Platform

HIPAA - G Suite, Google Compute Engine, Google Cloud Storage, Google BigQuery, Google Cloud SQL

HIPAA - Google App Engine, G Suite

FedRAMP - Google App Engine, G Suite


Acceptable Use Policy 

The Acceptable Use Policy describes the acceptable use of computer equipment in your company. These rules protect both the worker and your company.

We use a company laptop for work purposes. We also use a VPN when transmitting data, passwords, and any other sensitive information over an internet connection.



Clean Desk Policy 

The Clean Desk Policy sets the minimum requirements for the maintenance of a “clean desk”, so that sensitive information about our employees, intellectual property, customers and suppliers is secure and stored out of sight. A Clean Desk Policy not only complies with ISO 27001/17799 but also with GDPR.

All sensitive firm information will be stored on a secure cloud.

If we record any personally identifiable information on paper, we will make efforts to transfer this documentation to our secure cloud directory and then secure or destroy the paperwork.


Data Breach Response Policy 

The Data Breach Response Policy sets out the goals for the breach response process. This policy clearly defines a data breach, the roles and responsibilities of employees, reporting standards and metrics, and remediation and feedback mechanisms in case a breach occurs.

We will report all cyber breaches to our customers. We do not hold records of client personal information on our servers. If client data were compromised, we would offer credit monitoring services.

We will report all breaches to our developers at Redwhale, Inc. for risk mitigation and notification purposes. In the event of a data breach, we will take the following steps:


Disaster Recovery Plan Policy

The Disaster Recovery Plan Policy defines the recovery process for IT systems, applications, and data in case of any disaster that causes a system failure.


Software Developers:


Redwhale

Attn: Angel Puerta

19925 Stevens Creek Blvd., Suite 100, Cupertino, CA 95014

https://www.redwhale.com/

650.312.1500

Our Virtual Private Server is hosted with:

Database Mart LLC

257 Westwood Dr., League City, TX 77573

https://www.databasemart.com/hosting

Server Backup Systems:

CrashPlan (Code42)

100 Washington Ave S., Suite 2000, Minneapolis, MN 55401

https://www.code42.com/contact/


Digital Signature Acceptance Policy 

The Digital Signature Acceptance Policy is intended to provide guidance on validating a signer's identity in your company's electronic documents. Since communication is mainly electronic, the aim is to reduce confusion about the trust of a digital signature. 


Email Policy 

The Email Policy sets the minimum requirements for the use of email within your network of companies.

Do not accept passwords via email.

Require an encrypted file or a conversation by telephone instead.


Ethics Policy 

The Ethics Policy aims to create a culture of openness and confidence and to emphasize the expectation of fair business practices. Practical ethics is a team effort involving your company's employees.


Pandemic Response Planning Policy 

The Pandemic Response Planning Policy provides direction and disaster recovery procedures for planning and preparing for the rare event of a pandemic disease outbreak. Its objective is to address the fact that pandemic events can create problems beyond the scope of traditional staff and technology planning.


Password Construction Guidelines 

The Password Construction Guidelines are designed to provide best practices for strong password creation. 


Password Protection Policy 

The Password Protection Policy establishes a protection standard for distributing and storing passwords. 


Security Response Plan Policy 

The Security Response Plan Policy requires that all business units develop and maintain a security response plan. This ensures that the security response team has all the information necessary to respond effectively to a security incident.


End User Encryption Key Protection Policy 

The End User Encryption Key Protection Policy sets out the protection requirements for end users who hold encryption keys. These requirements are intended to prevent unauthorized disclosure, negligent handling, and misuse of encryption keys.


Acquisition Assessment Policy 

The Acquisition Assessment Policy defines the minimum security requirements for an information security acquisition assessment.


Bluetooth Baseline Requirements Policy 

The Bluetooth Baseline Requirements Policy provides a minimum standard to connect Bluetooth devices to the network devices of your company. The minimum standard shall protect personal data and critical company information. 


Remote Access Policy 

The Remote Access Policy lays down the rules and conditions for connecting any host to your company's network. These rules and requirements are intended to reduce the potential risk of damage to your company from unauthorized use of company resources.

The firm has written policies and procedures related to the use of mobile devices by staff who access data in the cloud.

FIN Compliance/Lancer does not maintain access to any client records. Google Cloud security maintains strict protocols that restrict access to end-user data.


If you believe that FINCompliance.io has not adhered to this Statement, please contact FINCompliance.io at: 650-305-2688


FINCompliance.io

Roberson Ventures Group, Inc.

Attn: Cory Roberson

2950 Buskirk Avenue, Suite #300

Walnut Creek, California 94597


Email Address:

Cory@FINCompliance.io

Telephone number: 650-305-2688

Effective as of August 31, 2018