Security & Data Protection Policy


Our Commitment to Data Security

At Finmate, protecting your financial data is our highest priority. We utilize modern, cloud-based systems with enterprise-grade security controls to ensure the confidentiality, integrity, and availability of your information in compliance with Canadian data protection standards.

1. Secure Cloud Infrastructure

Finmate operates exclusively on industry-leading, secure cloud platforms. All core systems—including QuickBooks Online (core accounting), Dext/Hubdoc (secure document collection), and Google Workspace (encrypted storage/communication)—employ the following controls:

• Encryption at Rest and In Transit using industry-standard protocols.
• Secure cloud hosting with continuous monitoring.
• Regular patching and updates.

2. Access Control and Permissions

We enforce a strict Principle of Least Privilege:

Role-Based Access: All users and employees are assigned access based strictly on their required role.

Contractor Access: Independent contractors only access client folders and data specifically assigned to them.

Authentication: No shared logins or passwords are permitted. Multi-Factor Authentication (MFA) is mandatory wherever possible.

Revocation: Access is immediately revoked upon role completion or termination of employment/contract.

3. Data Handling Practices

We employ procedures to prevent the unauthorized storage or transmission of sensitive data:

• Financial documents are never stored on personal devices.
• Sensitive client data is not shared via unsecured channels like personal email or instant messaging (e.g., WhatsApp).
• Client data is segregated and never commingled across different clients.

4. Compliance and Audit Readiness

Our data practices are aligned with key Canadian standards:

PIPEDA Principles: Adherence to fair information practices.

CRA Audit Documentation: Secure retention and archival policies meet documentation requirements for Canada Revenue Agency (CRA) audits.

Secure retention and archival policies are enforced.

5. Payments and Banking Security

Where Finmate is involved in payment or banking processes, transactions are managed through secure Canadian banking platforms that feature:

• Dual approvals for outgoing payments.
• Encrypted transfers.
• Full audit trails for all financial movements.

6. Incident Response Protocol

In the unlikely event of a security breach or incident, Finmate has a formal response plan that includes:

• Immediate containment, isolation, and detailed investigation of the incident.
• Client notification, where required by law or deemed necessary.
• Thorough remediation and implementation of preventive controls to mitigate future risk.

7. Client Responsibility

To maintain the highest level of security, Clients are encouraged to:

• Utilize the secure upload links or portals provided by Finmate (e.g., Dext, Hubdoc).
• Avoid sending financial or sensitive data through unsecured email channels.