Fynease handles confidential financial data for controllers and fractional CFO practices. We take that responsibility seriously. Here is exactly how we protect it.
Every Fynease account operates in a strict multi-tenant environment with complete data isolation. Your client data is never accessible to other Fynease accounts, Fynease staff, or any third party — including any firm that builds on or integrates with Fynease. There are no shared data stores, no cross-client benchmarking that exposes individual client data, and no reporting that aggregates identifiable client information.
Fynease connects to QuickBooks Online via OAuth 2.0 — the same secure authorization standard used by QuickBooks Online integrations. Your QuickBooks Online credentials never pass through Fynease servers. You authorize the connection directly through Intuit's authentication flow, and you can revoke access at any time from your QuickBooks Online account settings.
All data transmitted between Fynease and QuickBooks Online, and between your browser and Fynease, is encrypted using TLS 1.2 or higher. We do not transmit financial data over unencrypted connections under any circumstances.
All data stored in Fynease is encrypted at rest using AES-256 encryption. Database backups are encrypted using the same standard. Encryption keys are managed through a dedicated key management service and are rotated on a regular schedule.
Fynease supports role-based access control within each account. Account administrators can assign Standard or Admin roles to team members, with access controls configurable at the client level. Fynease staff do not have access to customer data except as strictly required to diagnose a reported technical issue, and only with the account holder's explicit consent.
Fynease is hosted on enterprise cloud infrastructure with SOC 2 Type II certification. Our infrastructure provider maintains physical security, redundancy, and availability SLAs that meet the requirements of financial services workloads. Data is stored in Canada and the United States in compliance with applicable data residency requirements.
Fynease uses a limited number of subprocessors to deliver the service — including our cloud infrastructure provider, our authentication provider, and our payment processor. We maintain data processing agreements with all subprocessors and require them to maintain security standards consistent with our own.
Fynease maintains a documented incident response procedure. In the event of a security incident affecting customer data, we will notify affected account holders within 72 hours of becoming aware of the incident, in accordance with applicable privacy legislation including PIPEDA and applicable provincial privacy laws.
If you have security questions or concerns, contact us at security@fynease.com. We respond to all security inquiries within one business day.