Security

Security at CoFina

Our commitment to protecting your data

At CoFina, security is foundational to everything we build. We handle sensitive financial data and take that responsibility seriously. This page outlines our security practices and how you can report security concerns.

Our Security Commitments

  • SOC 2 Compliance - Independently audited controls for security, availability, and confidentiality
  • Encryption - All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls - Role-based access with principle of least privilege
  • Monitoring - 24/7 infrastructure monitoring with automated alerting
  • Vendor Security - All third-party integrations are vetted for security compliance

Reporting Security Vulnerabilities

We appreciate the security research community and welcome responsible disclosure of potential vulnerabilities. If you believe you have discovered a security issue in our systems, please report it to us.

Report Security Issues

Email: security@cofina.ai

What to Include in Your Report

To help us investigate and resolve issues quickly, please include:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any proof-of-concept code or screenshots
  • Your contact information for follow-up questions

Our Commitment to Researchers

  • Acknowledgment - We will acknowledge receipt of your report within 2 business days
  • Communication - We will keep you informed of our progress as we investigate
  • No Legal Action - We will not pursue legal action against researchers who follow responsible disclosure practices
  • Recognition - With your permission, we will credit you for your discovery

Responsible Disclosure Guidelines

We ask that security researchers:

  • Give us reasonable time to investigate and address the issue before public disclosure
  • Avoid accessing, modifying, or deleting data that does not belong to you
  • Do not perform testing that could degrade or disrupt our services
  • Do not use social engineering, phishing, or physical attacks against our employees

Service Status

For real-time information about service availability and incidents, visit our status page.

Contact

For security-related inquiries:

CoFina.ai, Inc.
Security Team: security@cofina.ai

Return to HomePrivacy Policy