Security and Data Protection

En Finmatch, the security and protection of your personal data is our top priority. We implement multiple layers of security to ensure the confidentiality, integrity, and availability of your information.

1. Encryption and Protection in Transit

2. Infrastructure and Access

Certified Cloud Providers

We use hosting services with international certifications:

• ISO 27001: Information security management
• SOC 2 Type II: Operational security controls
• Data centers with high availability and redundancy

Access Control

• Principle of least privilege: Only authorized personnel have access to personal data
• Multi-factor authentication (MFA): For access to critical systems
• Audit log: All access is recorded
• Confidentiality agreements: All staff sign privacy commitments

3. Monitoring and Threat Detection

• Monitoreo 24/7: Automated systems detect suspicious activities
• Firewall de aplicaciones web (WAF): Protection against common attacks (SQL injection, XSS)
• DDoS protection: Infrastructure resistant to denial-of-service attacks
• Periodic security audits: Quarterly reviews by independent third parties

4. Password Management

Recommendations for users:

• Use unique and strong passwords (minimum 8 characters, combining letters, numbers, and symbols)
• Do not share your password with anyone
• Change your password periodically
• Use a reliable password manager

5. Data Backup and Recovery

• Daily automated backups: Your data is backed up in geographically distributed locations
• Disaster recovery plan: Documented procedures for service restoration
• Tiempo de recuperación objetivo (RTO): Máximo 4 horas
• Punto de recuperación objetivo (RPO): Máximo 24 horas

6. Protection Against Common Threats

Phishing and Identity Spoofing

⚠️ Nunca le pediremos:

• ❌ Su contraseña por correo electrónico o teléfono
• ❌ Complete banking information
• ❌ Verification codes through unofficial channels

How to identify legitimate Finmatch communications:

• ✅ Emails from @finmatch.online domains
• ✅ URLs starting with https://finmatch.online
• ✅ Notificaciones dentro de la aplicación móvil oficial

7. Privacy by Design

We apply the principle of "privacy by design" in all our developments:

• Data minimization: We only collect strictly necessary information
• Limited purpose: Data used only for stated purposes
• Limited retention: Automatic deletion of obsolete data
• Transparencia: Clear information about data use

8. Security Recommendations for Users

Protect your account:

• ✅ Log out after using the app on shared devices
• ✅ Keep your operating system and apps updated
• ✅ Use conexiones seguras (evite WiFi públicos para operaciones sensibles)
• ✅ Regularly review your account activity
• ✅ Active login notifications

Be alert to:

• ⚠️ Suspicious emails requesting personal information
• ⚠️ Shortened links from unknown sources
• ⚠️ Unofficial apps impersonating Finmatch
• ⚠️ Phone calls requesting access credentials

9. Third-Party Websites and Services

Finmatch may contain links to websites of financial institutions or other third parties for informational purposes. We are not responsible for the security practices of such sites. We recommend reviewing their privacy and security policies before providing them with information.

10. Security Incident Reporting

If you suspect a security vulnerability or incident related to your account, contact us immediately:

11. Regulatory Compliance

Finmatch complies with:

• Personal Data Protection Law of Armenia
• GDPR (General Data Protection Regulation of the EU) when applicable
• International best practices for information security

12. Documentos Relacionados

• Web Privacy Policy
• Términos y Condiciones
• Cookie Policy