Our Commitment to Security
At Investra, security is foundational to everything we do. We understand that you trust us with sensitive financial information, and we take that responsibility seriously. Our security program is designed to protect your data at every layer of our infrastructure.
Data Encryption
In Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest and most secure transport protocol available.
At Rest
Your data is encrypted with AES-256 when stored in our databases, so it remains protected at rest.
Key Management
Encryption keys are managed through industry-leading key management services with automatic rotation and strict access controls.
Infrastructure Security
- Cloud Infrastructure: We use enterprise-grade cloud providers with SOC 2, ISO 27001, and other industry certifications.
- Network Security: Multiple layers of firewalls, intrusion detection systems, and DDoS protection safeguard our infrastructure.
- Access Controls: Role-based access control (RBAC) ensures employees only access the data they need to do their jobs.
- Monitoring: 24/7 security monitoring with automated alerts for suspicious activity.
Application Security
- Secure Authentication: We support multi-factor authentication (MFA) and use secure, hashed password storage with bcrypt.
- Session Management: Automatic session expiration and secure cookie handling protect against session hijacking.
- Input Validation: All user inputs are validated and sanitized to prevent injection attacks and XSS vulnerabilities.
- Rate Limiting: API rate limiting protects against brute force attacks and ensures fair usage.
- CSRF Protection: Cross-site request forgery tokens protect all state-changing operations.
Payment Security
Investra does not store credit card information on our servers. All payment processing is handled by Stripe, a payment processor certified to PCI DSS Level 1, the highest level of certification in the payments industry.
Your payment information is processed securely through Stripe and never touches our servers.
Data Privacy
- Minimal Data Collection: We only collect data necessary to provide our services.
- No Data Selling: We never sell your personal information to third parties.
- Data Retention: We retain data only as long as necessary and provide easy data deletion options.
- Transparency: Our Privacy Policy clearly explains what data we collect and how we use it.
Security Practices
- Regular Audits: We conduct regular security assessments and penetration testing.
- Vulnerability Management: We monitor for and promptly patch security vulnerabilities.
- Employee Training: All team members complete security awareness training.
- Incident Response: We maintain a documented incident response plan to quickly address any security issues.
Report a Security Issue
We value the security community and welcome responsible disclosure of potential vulnerabilities. If you discover a security issue, please contact us immediately.
Security Team
Email: security@investraapp.com
Please include detailed information about the potential vulnerability.