Our Commitment to Security
RenoFi takes security seriously.
As a part of our commitment to security, we have implemented a number of practices to ensure the security of our applications and customers' data.
- We encrypt sensitive customer data at rest and in transit.
- We place strict controls over our employees' access to the data you make available to us.
- Everyone on our team agrees to clear policies regarding customer data and treat these issues as matters of the highest importance.
- We conduct background checks on all employees before employment, and employees receive privacy and security training during onboarding.
- We use a number of automated tools to supplement our secure development practices, including static source code analysis, automated dependency updates, exception monitoring, and extensive logging. Additional systems scan our applications regularly for vulnerabilities.
RenoFi's System and Organization Controls (SOC) Report is an independent third-party report that demonstrate how RenoFi achieves key compliance controls and objectives. The purpose of this report is to help communicate and understand the RenoFi controls established to support security and compliance. RenoFi's enterprise customers may obtain a copy of the report through their account manager.
RenoFi partners with Federacy to operate a bug bounty program for security researchers. You can learn more about our program on Federacy's site.
Data security is a top priority for RenoFi, and RenoFi believes that working with skilled security researchers can identify weaknesses in any technology.
If you believe you’ve found a security vulnerability in RenoFi’s service, please notify us; we will work with you to resolve the issue promptly.
- If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at [email protected]. We will acknowledge your email as soon as possible, at most within one week.
- Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure to our team.
- Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the RenoFi service. Please only interact with domains you own or for which you have explicit permission from the account holder.
While researching, we’d like you to refrain from:
- Distributed Denial of Service (DDoS)
- Social engineering or phishing of RenoFi employees or contractors
- Any attacks against RenoFi's physical property or data centers
Thank you for helping to keep RenoFi and our users safe!
RenoFi is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to contact us.