Trust is hard-earned and easily lost, so we do everything in our power to protect you and your client’s data. We’re GDPR-compliant by design and keep data safe by encrypting it at all times. We carry out continuous penetration testing and best practice security reviews on the Silverfin platform.
Because we're committed to securing your data, our people, infrastructure and technologies are all frequently audited by external experts to ensure we meet and exceed industry standards. Silverfin has been ISO27001 certified since 2017, so you have our commitment that we’re in it for the long run.
The Silverfin cloud infrastructure runs on Google Cloud Platform because it delivers best-in-class security. Their data centres are monitored 24×7, have robust protections such as biometric scanning and video surveillance and are SOC1, 2 and 3 certified.
Encryption in transit
Whenever your data travels, it’s encrypted over TLS 1.2/1.3.
Encryption at rest
Stored data—including backups—is encrypted with AES-256-GCM.
Data sovereignty
Your data is completely logically segregated and never shared with other customers using Silverfin.
Single Sign-on
No need to create and remember new credentials. Easily integrate Silverfin into your existing access flows using SSO.
Multi-Factor Authentication
Using only a simple password doesn’t cut it any more. If you’re not using SSO, Silverfin allows you to enable MFA natively for all your users.
Your data, your rules
You own your data at all times, no questions asked. If you decide to part ways with Silverfin, your data will be removed after 3 months upon your request (including backups, automatically). To find out more, read our Privacy Policy and Data Processing Addendum.
We keep our engineers' tools sharp by providing them frequent opportunities to learn more about secure coding practices, with a laser-focus on OWASP top 10 vulnerabilities.
Our people play an essential role in protecting our organisation and your data. We organise yearly awareness campaigns and engage the workforce year-round with a variety of activities to build a strong security reflex & culture.
Silverfin runs a variety of automated (and some manual) security and vulnerability checks throughout the development lifecycle to ensure no vulnerable systems or insecure code enter our environment.
All of our data is backed up every single minute. These backups are stored in geographically distant locations with different providers, enabling us to rapidly recover from unexpected issues.
Approximately 88% of all data breaches involve some form of human error. Silverfin works with Phished, a multi-award-winning product that combines personalised, realistic phishing simulations with artificial intelligence, stopping 96% of phishing clicks.
Silverfin partners with Intigriti, Europe’s #1 ethical hacking and bug bounty platform. Ethical hackers with a wide variety of skills from all over the world are invited to test Silverfin’s applications for bug bounties, resulting in our applications being continuously tested for vulnerabilities. Testers can contact us to be added to the program.
Everyone at Silverfin has access to a personal vault in 1Password. We equip our people with tools to build secure habits, and empower them to protect Silverfin by storing all individual credentials in a multifactor protected vault.
