Risk and Compliance

We do not handle or collect any financial information, and the extent of PII we handle is limited to the names, email addresses, and phone numbers of our customers. We conduct regular reviews of our cloud storage and email accounts to ensure we're adhering to this commitment. If we ever change the categories of data we collect, we will work to become compliant with any applicable regulations.

Privacy

We collect only minimal information on our website (name and email). For more information about how we use your data, check out our Privacy Policy.

Incident Response

We follow all of the latest best practices for our security incident response process. While we are a smaller company without a dedicated security team, we align our practices with NIST standards.

Awareness and Training

Privacy and Cyber Security Training is completed once a year, and during each employee's onboarding. All employees sign a security policy agreement after completing the annual training.

Threat Monitoring

Rather than maintaining our own servers, Finite relies on third-party cloud software. Our security measures include:

Antivirus / anti-malware
Cloudflare Firewall
LastPass Enterprise
Two-factor authentication
Principle of least privilege

Reporting a vulnerability

Found something? Email info@finite-partners.com with details. See our security policy for scope.