FIN Compliance – Privacy/Cyber Policy
Collection of your Personal Information
FINCompliance.io may collect personally identifiable information, such as your name, when you opt into our subscription database. When you click on a link, you may be routed to one of our affiliated sites, which may also gather personal or non-personal information about your visit and/or purchase.
Information about your computer hardware and software may be automatically collected by FINCompliance.io. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the FINCompliance.io website.
FINCompliance.io encourages you to review the privacy statements of websites you choose to link to from FINCompliance.io so that you can understand how those websites collect, use and share your information. FINCompliance.io is not responsible for the privacy statements or other content on websites outside of the FINCompliance.io website.
Use of your Personal Information
FINCompliance.io collects and uses your personal information to operate its website(s) and deliver the services you have requested.
FINCompliance.io may also use your personally identifiable information to inform you of other products or services available from FINCompliance.io and its affiliates. FINCompliance.io may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
FINCompliance.io does not sell, rent or lease its customer lists to third parties.
Our affiliated sites may gather personal or non-personal information upon your visit to their website and/or purchase.
FINCompliance.io may share data with trusted affiliates to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to FINCompliance.io, and they are required to maintain the confidentiality of your information.
FINCompliance.io will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on FINCompliance.io or the site; (b) protect and defend the rights or property of FINCompliance.io; or (c) act under exigent circumstances to protect the personal safety of users of FINCompliance.io, or the public.
Security of your Personal Information
FINCompliance.io secures your personal information from unauthorized access, use or disclosure. When personal information (such as a credit card number) is transmitted to other websites, it is protected in transit by encryption, using Transport Layer Security (TLS), the successor to the Secure Sockets Layer (SSL) protocol.
Children Under Thirteen
FINCompliance.io does not knowingly collect personally identifiable information from children under the age of thirteen. If you are under the age of thirteen, you must ask your parent or guardian for permission to use this website.
Opt-Out & Unsubscribe
We respect your privacy and give you the opportunity to opt out of receiving certain announcements. Users may opt out of receiving any or all communications from FINCompliance.io by contacting us here:
Changes to this Statement
FINCompliance.io will occasionally update this Statement of Privacy to reflect company and customer feedback. FINCompliance.io encourages you to periodically review this Statement to be informed of how FINCompliance.io is protecting your information.
FINCompliance.io welcomes your questions or comments regarding this Statement of Privacy.
Our data is used in connection with services provided for your firm; you can choose to opt out of receiving future notifications at any time. We have provided a copy of our privacy notices below.
Cybersecurity Policies/Due Diligence
Third Party Vendors/Overview
As a cloud service provider, we maintain protocols that provide a baseline of cybersecurity for your firm and practice. These complement your internal safeguards, support your electronic recordkeeping, and address your vendor due diligence requirements.
Acceptable Encryption Policy
Acceptable encryption policy provides guidance and limits to the use of specific encryption algorithms. It also helps ensure compliance with federal, state and international regulations.
We follow industry-standard encryption practices for uploaded documents that contain Personally Identifiable Information (PII).
We recommend an additional layer of protection for any document that contains a client's PII: password protection of the document at a minimum, and preferably second-factor authentication on the account used to access it.
PII can include credit card numbers, Social Security numbers, financial records, etc.
Google Cloud Security Overview
We use a Google Cloud backend.
Google maintains the following security certifications and compliance attestations:
SOC 1™ (SSAE 16/ISAE 3402) - G Suite, Google Compute Engine, Google Cloud Storage, Google App Engine
SOC 2™ - G Suite, Google Compute Engine, Google Cloud Storage, Google App Engine
SOC 3™ - G Suite, Google Compute Engine, Google Cloud Storage, Google App Engine
ISO 27001 - G Suite and Google Cloud Platform
ISO 27017 - G Suite and Google Cloud Platform
ISO 27018 - G Suite and Google Cloud Platform
HIPAA - G Suite, Google Compute Engine, Google Cloud Storage, Google BigQuery, Google Cloud SQL, Google App Engine
FedRAMP - Google App Engine, G Suite
Acceptable Use Policy
The Acceptable Use Policy describes the acceptable use of computer equipment in your company. These rules protect both the worker and the company.
We use company laptops for work purposes, and a VPN whenever passwords or any other sensitive data are transmitted over an internet connection.
Clean Desk Policy
The Clean Desk Policy sets the minimum requirements for maintaining a "clean desk", so that sensitive information about our employees, intellectual property, customers and suppliers is secure and stored out of sight. A clean desk policy supports compliance not only with ISO 27001/17799 but also with GDPR.
All sensitive firm information will be stored on a secure cloud.
If we record any personally identifiable information on paper, we will transfer that documentation to our secure cloud directory and then lock away or destroy the paperwork.
Data Breach Response Policy
The data breach response policy sets out the goals for the breach response process. This policy clearly defines a data breach, the roles and responsibilities of employees, reporting standards and metrics, remediation and feedback mechanisms in case a breach occurs.
We will report all cyber breaches to our customers. We do not hold records of client personal information on our servers. If client data is compromised, we will offer credit monitoring services.
We will report all breaches to our developers at Redwhale, Inc. for risk mitigation and notification purposes. In the event of a data breach, we will take the following steps:
Disaster Recovery Plan Policy
The Disaster Recovery Plan Policy defines the recovery process for IT systems, applications, and data in case of any disaster that causes a system failure.
Attn: Angel Puerta
19925 Stevens Creek Blvd., Suite 100, Cupertino, CA 95014
Virtual Private Server is located with:
Database Mart LLC
257 Westwood Dr., League City, TX 77573
Server Backup Systems:
CrashPlan (Code42)
100 Washington Ave S., Suite 2000., Minneapolis, MN 55401
Digital Signature Acceptance Policy
The Digital Signature Acceptance Policy is intended to provide guidance on validating a signer's identity in your company's electronic documents. Since communication is mainly electronic, the aim is to reduce confusion about the trust of a digital signature.
Email Policy
The Email Policy sets the minimum requirements for the use of email within your network of companies.
Do not accept passwords via email.
Require an encrypted file or a conversation by telephone instead.
Ethics Policy
The Ethics Policy creates a culture of openness and confidence and emphasizes the expectation of fair business practices. Practical ethics is a team effort involving all of your company's employees.
Pandemic Response Planning Policy
The Pandemic Response Planning Policy provides direction and disaster recovery procedures for planning and preparing for the rare event of a pandemic disease outbreak. The objective is to address the fact that pandemic events can create problems beyond the scope of traditional staff and technology planning.
Password Construction Guidelines
The Password Construction Guidelines are designed to provide best practices for strong password creation.
Password Protection Policy
The Password Protection Policy establishes a protection standard for distributing and storing passwords.
Security Response Plan Policy
The Security Response Plan Policy requires that all business units develop and maintain a security response plan. This ensures that the security response team has all the information necessary to respond effectively to a security incident.
End User Encryption Key Protection Policy
The End User Encryption Key Protection Policy sets out the protection requirements for end users who hold encryption keys. These requirements are intended to prevent unauthorized disclosure, negligent handling, and misuse of encryption keys.
Acquisition Assessment Policy
The Acquisition Assessment Policy defines the minimum security requirements for an information security assessment of an acquisition.
Bluetooth Baseline Requirements Policy
The Bluetooth Baseline Requirements Policy provides a minimum standard to connect Bluetooth devices to the network devices of your company. The minimum standard shall protect personal data and critical company information.
Remote Access Policy
The Remote Access Policy lays down the rules and conditions for connecting any host to your company's network. These rules and requirements are intended to reduce the potential risk of damage to your company due to the unauthorized use of your company resources.
The firm has written policies and procedures related to the use of mobile devices by staff who access data in the cloud.
FIN Compliance/Lancer does not maintain access to any client records. Google Cloud security controls enforce strict restrictions on access to end-user data.
If you believe that FINCompliance.io has not adhered to this Statement, please contact FINCompliance.io at: 650-305-2688
Roberson Ventures Group, Inc.
Attn: Cory Roberson
2950 Buskirk Avenue, Suite #300
Walnut Creek, California 94597
Telephone number: 650-305-2688
Effective as of August 31, 2018