Security Policy

Effective Date: November 4, 2025 | Last Updated: November 4, 2025

1. Overview

At ClearFin Digital Inc. ("ClearFin", "we", "our", or "us"), protecting the confidentiality, integrity, and availability of your data is a top priority.

This Security Policy outlines the measures we take to ensure your information is handled safely across our systems, services, and infrastructure.

2. Data Protection Commitment

We employ strict administrative, technical, and physical safeguards to protect your data against unauthorized access, loss, alteration, or misuse.

Security is an integral part of our design philosophy -- embedded in every product, process, and partnership we build.

3. Infrastructure Security

All systems are hosted on secure, industry-leading cloud providers with continuous monitoring.

Data centers comply with internationally recognized security standards such as ISO 27001 and SOC 2.

Access to infrastructure is restricted, logged, and protected with multi-factor authentication (MFA).

Network traffic is encrypted and monitored to detect unauthorized or malicious activity.

4. Application Security

All web traffic uses HTTPS with TLS encryption.

Data in transit and at rest is encrypted using AES-256 or equivalent standards.

Regular security assessments, penetration testing, and vulnerability scans are conducted to identify and fix potential risks.

Role-based access controls ensure users only access data relevant to their permissions.

5. Employee and Access Management

Employees undergo background checks (where legally permissible) and receive regular security awareness training.

Strict least-privilege and need-to-know principles are enforced across all roles.

Access credentials are stored securely and reviewed periodically.

6. Incident Response

ClearFin maintains a structured Incident Response Plan (IRP).

In the event of a suspected or confirmed breach, immediate containment, investigation, and remediation steps are initiated.

Affected users and regulatory authorities will be notified as required by applicable laws.

7. Third-Party Security

We work only with trusted third-party vendors and service providers who meet our security and privacy standards.

All vendors undergo due diligence and risk assessments, and are bound by contractual obligations to maintain data protection compliance.

8. Continuous Improvement

Security is an ongoing process.

We regularly evaluate and update our policies, tools, and defenses to stay ahead of emerging threats and maintain resilience.

9. Reporting Security Issues

If you discover a vulnerability or potential security risk in our systems, please report it responsibly to:

  • security@clearfin.ca

We review every report promptly and take appropriate corrective actions.

10. Contact

For any questions about this Security Policy, contact us at:

  • privacy@clearfin.ca
  • www.clearfin.ca