📌 Why should you trust cloud services more?
There are three main problems with storing information on a local drive, which could be your personal computer or an employee’s work computer.
🔻 First, hard drives are prone to breaking down and failing, which is completely beyond your control. This means there is a high probability of data loss without the possibility of recovery.
🔻 Second, any information stored on a hard drive can be accessed physically. This could be an employee who inserted a flash drive and extracted the data, or people who broke into the office at night. There is also a possibility that someone will connect to your computer via a local network and extract information. Thus, the appeal of a cloud service is that there is no physical access to it.
🔻 Third, if information stored on only one medium is deleted, there is no way to recover it. Cloud services have the wonderful ability to store information in multiple locations simultaneously. Accordingly, it is not so easy to accidentally delete information, and it can always be recovered.
In addition, gaining access to cloud storage is always much more difficult than gaining access to offline storage. There are authorization steps that ensure confidentiality. There are also special markers (tokens) that are generated for each login and password combination and are subject to change. This means that users who have logged in before cannot re-enter the system without valid credentials.
📌 Where is the data physically located?
Finmap’s physical data is located on several servers in Europe (technically closer to Ukraine and the European Union countries for faster connection). These servers belong to one of the largest and most reliable cloud storage providers in the world. For security reasons, we do not publish their names. Hosting on different services ensures uninterrupted and fast operation even in the event of a failure in one of the data centers.
📌 What security methods does Finmap use?
We use a geographically distributed system based in several data centers. Each of them is ISO 27001 certified, which is confirmed by compliance with strict information security rules, regular audits, and continuous process improvement. Encrypted communication channels are used to transfer information between data centers. All information is transmitted via TLS/SSL — cryptographic protocols for secure connections.
Each company’s data is stored only in the data center and is accessible only to the Finmap user who entered it. Most servers are located within the DMZ — a network segment with publicly available services that is separated from private systems. This means that there is no direct access from the Internet to critical resources — they are only accessible through controlled gateways of the data center operator where the Finmap web portal is located. Between the user and the server, TLS/SSL uses asymmetric encryption for authentication, symmetric encryption for confidentiality, and message authentication codes to preserve integrity.
📌 Password storage.
All passwords entered by users are stored only as hashes. We use strong hashing algorithms with salt (e.g., Argon2/bcrypt). This means that even if the hash is compromised, an attacker will not be able to recover the original password; hashes are used solely to verify validity during login.
📌 Open API protection and rate limiting.
The open API for end users is protected at all stages of request processing: authentication/authorization with tokens, input data validation, rate limits, and anti-brute-force. This limits the activity of a potential attacker and makes it impossible to brute-force credentials or guess passwords en masse.
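The two controls described above, salted password hashes and anti-brute-force limits on login, can be combined as in the following added example, which is not Finmap's own code. It uses scrypt from Python's standard library in place of Argon2/bcrypt; the function names, limits and sample account are assumptions.

```python
import hashlib, hmac, os, time
from collections import defaultdict, deque

# Assumed parameters for illustration, not Finmap's real settings.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
MAX_FAILURES, WINDOW_SECONDS = 5, 300

def hash_password(password: str) -> str:
    """Return 'salt$hash' in hex; a fresh salt per password keeps equal passwords distinct."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

class LoginGuard:
    """Sliding-window limit on failed logins per (account, client IP)."""
    def __init__(self, users, clock=time.monotonic):
        self.users = users                    # login -> stored 'salt$hash'
        self.clock = clock
        self.failures = defaultdict(deque)    # (login, ip) -> failure times
        # Verified against for unknown logins so they cost the same as known ones.
        self.dummy = hash_password("placeholder")

    def attempt(self, login: str, password: str, ip: str) -> str:
        now, key = self.clock(), (login, ip)
        recent = self.failures[key]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            return "throttled"                # refuse before doing any hashing
        stored = self.users.get(login)
        matches = verify_password(password, stored or self.dummy)
        if matches and stored is not None:
            recent.clear()
            return "ok"
        recent.append(now)
        return "denied"

if __name__ == "__main__":
    # Constructed sample account and client address.
    guard = LoginGuard({"owner@example.test": hash_password("correct horse")})
    for guess in ["a", "b", "c", "d", "e", "correct horse"]:
        print(guard.attempt("owner@example.test", guess, "203.0.113.7"))
```

Keying the limiter on account and IP together stops one client from locking out a user from every address; a deployment would normally add a separate per-account or per-IP ceiling for guesses spread across many sources.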
📌 Connection encryption with a full certificate chain.
All connections use TLS/SSL with a full certificate chain (root + intermediate), which ensures correct trust verification in all modern browsers and clients.
📌 What are the access levels among developers?
All developers work with a test database with fictitious data. They do not have access to real data. No one works with the production database directly: the backend developer cannot do anything with it outside of controlled interfaces. Access to the database is only possible from a fixed set of IP addresses (backend). Connecting to the database from “outside” is impossible in principle. The frontend and backend are located separately; keys and network policies are used to hide database access addresses and restrict acceptable request sources.
📌 What data must be entered into Finmap?
Finmap does not require you to enter official data (full company name, EDRPOU code, list of founders, official email addresses, names of counterparties, investors, creditors, clients, employees, etc.). You enter the names that you deem necessary. You need to enter financial data for accounting purposes, but the names of counterparties and companies can be arbitrary. The service does not contain databases of your customers’ and contractors’ personal data — for example, there may be “designer Alina” without any identifying data. The Finmap team does everything possible to maintain the integrity, security, and confidentiality of your data and is constantly improving security.
📌 Results of the latest regular security audit.
The security audit was conducted by Sigma Software. The system successfully passed the audit and received a security rating of “Average.” This means that basic security methods and practices are in place and working properly, but there are areas where protection should be strengthened to reduce potential risks in the future.
The audit found:
🔻 0 critical vulnerabilities — no issues that would allow the system to be easily compromised.
🔻 0 severe vulnerabilities — no errors requiring immediate correction were found.
🔻 6 medium vulnerabilities — this is a signal to the team that some aspects of security need to be optimized. They do not pose critical risks at the moment, but may have an impact in the future if not addressed.
🔻 10 low vulnerabilities — these are minor issues that do not significantly affect security, but fixing them will help improve the overall level of protection and quality of processes.
The system has confirmed compliance with key information security methods and practices. At the same time, the audit results indicate areas for improvement, and work on this is already underway. Of the vulnerabilities listed, 2 medium (33%) and 5 low (50%) have been eliminated, and the rest are in the process of being fixed.
Finmap is a service you can trust. Finmap stores data in certified data centers in Europe, uses modern encryption methods, and has multi-level access control. Regular audits, including the latest one from Sigma Software, confirm the absence of critical vulnerabilities and demonstrate that we are constantly improving security to keep your business flow safe 24/7.