RootFi’s Commitment to Data Security: Prioritizing Peace of Mind

Today, data security has become one of the central concerns for businesses globally. At RootFi, we have always taken privacy and security concerns seriously, especially because we enable businesses to connect to sensitive financial data on their customers' accounting platforms.

‍

Understanding the Need for Data Security for B2B Integrations

With RootFi, you can provide solutions like credit underwriting, accounting automation, and generating business insights by connecting your product to data from your customers’ accounting platforms.

Since RootFi’s Unified API acts as a middleware that connects your customers’ platforms to your product, ensuring we maintain the highest security standard is critical to your and your customer’s peace of mind.

‍

Why is Data Security Critical?

• Sensitive Information: Your customers' accounting data contains private business information that is confidential. Therefore, maintaining their data privacy is of utmost importance.
• Emerging Threats: With advancements in technology, security threats have also become sophisticated. Robust security measures ensure that we stay ahead of any potential threats.

‍

External Certifications and Compliance: Establishing Trust

At RootFi, we believe in reinforcing our commitment to data security through rigorous international standards:

‍

ISO/IEC 27001:2013 Certificate

As the leading international benchmark for information security management systems. Our ISO 27001:2013 certification speaks volumes about our dedication to robust security practices.

‍

SOC2 Compliance

SOC 2 compliance is part of the AICPAs’ Service Organization Control reporting platform. Our SOC 2 compliance consists of an independent audit report that tests five principles including security, availability, processing integrity, confidentiality, and privacy. Dive deeper into our SOC2 compliance in our blog.

‍

GDPR Compliance

The General Data Protection Regulation (GDPR) is the regulation pertaining to sensitive data regarding individuals in the European Union. As the world's toughest privacy and security law, our adherence ensures that we respect data rights, irrespective of geography. Learn more about our GDPR compliance on our blog.

‍

Internal Measures

Our commitment doesn’t end at external certifications:

1. No data storage: For the most stringent use cases, you can choose not to store any data on the RootFi system. By using Webhooks, you can still retrieve data from your customers without RootFi storing it. However, if you need to write data to accounting platforms, the data must be stored temporarily.
2. Data Integrity: With RootFi, you can be confident about your data's sanctity. We do not manipulate any underlying raw data, which is still accessible to you using authenticated Passthrough Requests.
3. Data Encryption: All data is encrypted at rest using AES-256-bit encryption, and while in transit, it's protected with Transport Layer Security (TLS 1.2).
4. Control in Your Hands: We believe in empowering our users. If the need arises, cached data can be instantly and wholly deleted with a single button click, giving you complete control.

‍

Business-Centric Consent: Your User’s Data, in their hands

Authorization is central at RootFi. We prioritize your customer’s control over their data. Access is always preceded by explicit consent, and under no circumstances do we sell any data, be it identifiable or anonymised, to third parties. Furthermore, we ensure no permanent storage of identifying data.

‍

Infrastructure Security

• Google Cloud Platform: Our serverless infrastructure on GCP ensures reliability and speed without compromising on security.
• Penetration Testing: Regular tests with our compliance partner, coupled with scans against known vulnerabilities, ensure we're always prepared.
• Employee Device Security: All employee devices at RootFi are managed to ensure patches, security policies, and vulnerability checks are always updated.

‍

Conclusion

Data security is our utmost priority. At RootFi, every measure, every certification, and every protocol underlines this commitment. Interested to learn more? Feel free to get in touch with our team or sign up to learn more.

‍