Fincord

SECURITY

Security is built into the way Fincord syncs.

Fincord is designed to move financial data into Notion with a security-first posture: minimal retention, encrypted credentials, trusted connectivity partners, and operational controls around how sync workflows run.

Security summary

  • Encryption: AES-256-GCM
  • Bank connectivity: Plaid
  • Reporting: security@fincord.io

Need help?

If you have a security question, disclosure, or trust review request, contact the team directly.

PRINCIPLES

Core security decisions behind the product.

Data minimization

We keep the sync path lean.

Fincord is designed to move the minimum data needed to complete a sync. We avoid retaining sensitive transaction data on our servers longer than required for processing.

Credential protection

Integration secrets are encrypted at rest.

Sensitive integration credentials such as Plaid and Notion access tokens are encrypted before storage and handled only by server-side systems.

Trusted connectivity

Bank connections rely on Plaid.

Fincord does not build direct bank credential flows. Bank connectivity is powered through Plaid, a dedicated financial connectivity provider.

OPERATIONS

Operational controls that support day-to-day security.

Security is not one feature. It is a set of controls around authentication, secrets, webhooks, and how sync jobs are run and monitored.

  • Authenticated application access with verified user sessions
  • Server-side processing for syncs, webhooks, and integration credentials
  • Webhook verification for external providers such as Polar, Plaid, and Resend
  • Audit and webhook logging for operational traceability
  • User-level email suppression handling for bounced and complaint-based email events
  • Scoped integration setup so users explicitly choose what gets connected and synced

DISCLOSURE

Responsible reporting and follow-up.

We want security reports to be easy to submit and easy to act on.

How to report an issue

If you discover a potential security issue, email a clear description, reproduction steps, affected URLs or user flows, and any supporting screenshots or logs.

What to avoid

Please do not attempt destructive testing, denial-of-service activity, social engineering, or access to data that does not belong to you.

How we respond

We review reports, validate impact, prioritize remediation, and follow up as quickly as practical. For active issues, we will work to contain risk first and then ship the fix.

CONTACT

Questions about security, privacy, or your setup?

Reach out if you need clarification on controls, data handling, or a specific concern related to your Fincord account.