Privacy Policy


FIN Compliance – Privacy/Cyber Policy

Protecting your private information is our priority. This Statement of Privacy applies to FINCompliance.io (“FINCompliance.io”) and governs data collection and usage. For the purposes of this Privacy Policy, unless otherwise noted, all references to FINCompliance.io include FINCompliance.io. By using the FINCompliance.io website, you consent to the data practices described in this statement.



Collection of your Personal Information

FINCompliance.io may collect personally identifiable information, such as your name, when you opt into our subscription database. When you click on a link, you will be routed to one of our affiliated sites, which may also gather personal or non-personal information regarding your visit and/or purchase.

Information about your computer hardware and software may be automatically collected by FINCompliance.io.  This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the FINCompliance.io website.

FINCompliance.io encourages you to review the privacy statements of websites you choose to link to from FINCompliance.io so that you can understand how those websites collect, use and share your information. FINCompliance.io is not responsible for the privacy statements or other content on websites outside of the FINCompliance.io website.


Use of your Personal Information

FINCompliance.io may collect and use your personal information to operate its website(s) and deliver the services you have requested.

FINCompliance.io may also use your personally identifiable information to inform you of other products or services available from FINCompliance.io and its affiliates.  FINCompliance.io may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.

FINCompliance.io does not sell, rent or lease its customer lists to third parties. 

Our affiliated sites may gather personal or non-personal information upon your visit to their website and/or purchase.

FINCompliance.io may share data with trusted affiliates to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to FINCompliance.io, and they are required to maintain the confidentiality of your information.

FINCompliance.io will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on FINCompliance.io or the site; (b) protect and defend the rights or property of FINCompliance.io; and, (c) act under exigent circumstances to protect the personal safety of users of FINCompliance.io, or the public.


Security of your Personal Information

FINCompliance.io secures your personal information from unauthorized access, use or disclosure. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.


Children Under Thirteen

FINCompliance.io does not knowingly collect personally identifiable information from children under the age of thirteen. If you are under the age of thirteen, you must ask your parent or guardian for permission to use this website.


Opt-Out & Unsubscribe

We respect your privacy and give you an opportunity to opt-out of receiving announcements of certain information. Users may opt-out of receiving any or all communications from FINCompliance.io by contacting us here:


Changes to this Statement

FINCompliance.io will occasionally update this Statement of Privacy to reflect company and customer feedback. FINCompliance.io encourages you to periodically review this Statement to be informed of how FINCompliance.io is protecting your information.


Contact Information

FINCompliance.io welcomes your questions or comments regarding this Statement of Privacy.


GDPR Privacy Policy Disclosure/EU Residents Rights
Our data is used in connection with services provided for your firm--you can choose to opt-out of receiving future notifications at any time. We have provided a copy of our privacy notices below.


Cybersecurity Policies/Due Diligence


For:


Third Party Vendors/Overview

As a cloud service provider, we maintain protocols to provide a level of cybersecurity to your firm and practice.  In addition to your internal safeguards, we aim to foster greater functionality in your electronic recordkeeping and needs in terms of Vendor due diligence.


Acceptable Encryption Policy 

Acceptable encryption policy provides guidance and limits to the use of specific encryption algorithms. It also helps ensure compliance with federal, state and international regulations. 


We follow industry-standard encryption standards for uploaded documents that contain Personally Identifiable Information.

 

We recommend using a second factor authentication (password protection at a minimum) for any documents that contain a client’s personal identification information (“PII”). 

 

PII can include: Credit Card Numbers, Social Security numbers, financials, etc. 


Google Cloud Security Overview

We use a Google Cloud backend.

Google maintains the following security certifications:

SOC1™ (SSAE-16/ISAE-3402) - G Suite, Google Compute Engine, Google Cloud Storage, Google App Engine

SOC2™- G Suite, Google Compute Engine, Google Cloud Storage, Google App Engine

SOC3™- G Suite, Google Compute Engine, Google Cloud Storage, Google App Engine

ISO27001 - for G Suite and Google Cloud Platform

ISO27017 - for G Suite and Google Cloud Platform

ISO27018 - for G Suite and Google Cloud Platform

HIPAA - G Suite, Google Compute Engine, Google Cloud Storage, Google Big Query, Google Cloud SQL

HIPAA - Google App Engine, G Suite

FEDRAMP - Google App Engine, G Suite

 


Acceptable Use Policy 

The acceptable use policy describes the acceptable use of computer equipment in your company. These rules protect both the worker and your company.


We use a company laptop for work purposes.  We also use a VPN for transmitting data, passwords, and any other sensitive data over an internet connection.



Clean Desk Policy 

The Clean Desk Policy sets the minimum requirements for the maintenance of a “clean desk”, so sensitive information about our employees, intellectual property, customers and suppliers is secure and stored out of sight. A Clean Desk policy not only complies with ISO 27001/17799 but also with GDPR.


All sensitive firm information will be stored on a secure cloud.  

 

If we record any personally identifiable information on paper, we will make efforts to secure this documentation onto our cloud directory and then secure or destroy any paperwork.


Data Breach Response Policy 

The data breach response policy sets out the goals for the breach response process. This policy clearly defines a data breach, the roles and responsibilities of employees, reporting standards and metrics, remediation and feedback mechanisms in case a breach occurs. 


We will report all cyber breaches to our customers.  We do not hold records of client personal information on our servers.   If client data was compromised, we will provide an offer for credit monitoring services.

 

We will report all breaches to our developers at Redwhale, Inc. for risk mitigation and notification purposes. In the event of a data breach, we will take the following steps:


Disaster Recovery Plan Policy

The Disaster Recovery Plan Policy defines the recovery process for IT systems, applications, and data in case of any disaster that causes a system failure. 


Software Developers:


Our Developers:


Redwhale

Attn:  Angel Puerta

19925 Stevens Creek Blvd., Suite 100, Cupertino, CA 95014

https://www.redwhale.com/

650.312.1500

 

Virtual Private Server is located with:

 

Database Mart LLC

257 Westwood Dr., League City, TX 77573

https://www.databasemart.com/hosting

 

Server Backup Systems:

 

Crash Plan (Code 42)

100 Washington Ave S., Suite 2000., Minneapolis, MN 55401

https://www.code42.com/contact/


Digital Signature Acceptance Policy 

The Digital Signature Acceptance Policy is intended to provide guidance on validating a signer's identity in your company's electronic documents. Since communication is mainly electronic, the aim is to reduce confusion about the trust of a digital signature. 


Email Policy 

The email policy sets the minimum requirements for the use of emails within your network of companies. 


Do not accept passwords via email

Require an encrypted file or conversation by telephone


Ethics Policy 

The ethical policy is to create a culture of openness, confidence and emphasize the expectations of fair business practices. Practical ethics is a team effort involving your company's employees. 


Pandemic Response Planning Policy 

Pandemic Response Planning Policy provides directions and disaster recovery procedures to plan for and prepare for the rare event of a pandemic disease outbreak. The objective is to address the fact that pandemic events can create problems beyond the scope of traditional staff and technology planning. 


Password Construction Guidelines 

The Password Construction Guidelines are designed to provide best practices for strong password creation. 


Password Protection Policy 

The Password Protection Policy establishes a protection standard for distributing and storing passwords. 


Security Response Plan Policy 

The Safety Response Plan policy requires that all business units develop and maintain a safety response plan. This ensures that the security response team has all the necessary information to respond effectively to a safety incident. 


End User Encryption Key Protection Policy 

The End User Encryption Key Protection Policy sets out the protection requirements for end-users with encryption keys. These requirements are intended to avoid unauthorized disclosure, negligence, and wrongful abuse of encryption keys. 


Acquisition Assessment Policy 

Acquisition Evaluation Policy defines the minimum-security requirements for an Infosec acquisition evaluation. 


Bluetooth Baseline Requirements Policy 

The Bluetooth Baseline Requirements Policy provides a minimum standard to connect Bluetooth devices to the network devices of your company. The minimum standard shall protect personal data and critical company information. 


Remote Access Policy 

The Remote Access Policy lays down the rules and conditions for connecting any host to your company's network. These rules and requirements are intended to reduce the potential risk of damage to your company due to the unauthorized use of your company resources.  

 

The firm has written policies and procedures related to the use of mobile devices by staff who access data in the cloud.

 

FIN Compliance/Lancer does not maintain access to any client records. Google Cloud security maintains strict protocols to restrict access to end-user data.

 


Cookie Policy for FINCompliance.io 

This is the Cookie Policy for FINCompliance.io, accessible from FINCompliance.io.


What Are Cookies 

As is common practice with almost all professional websites, this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored; however, this may downgrade or 'break' certain elements of the site's functionality.


How We Use Cookies 

We use cookies for a variety of reasons detailed below. Unfortunately, in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.


Disabling Cookies 

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies. This Cookies Policy was created with the help of the Cookies Policy Generator from CookiePolicyGenerator.com.


The Cookies We Set 


Third Party Cookies 

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.


More Information 

Hopefully, that has clarified things for you. As was previously mentioned, if there is something that you are not sure whether you need or not, it's usually safer to leave cookies enabled in case it does interact with one of the features you use on our site.
For more general information on cookies, please read "What Are Cookies" in this document.
However, if you are still looking for more information, you can contact us through one of our preferred contact methods:


If you believe that FINCompliance.io has not adhered to this Statement, please contact FINCompliance.io at: 650-305-2688


FINCompliance.io

Roberson Ventures Group, Inc.

Attn: Cory Roberson

2950 Buskirk Avenue, Suite #300

Walnut Creek, California 94597


Email Address:

Cory@FINCompliance.io

Telephone number: 650-305-2688

Effective as of August 31, 2018
