These days, there’s a lot to be afraid when it comes to security and your personal data. Many websites and services are careless by exposing your personal data to the internet or reckless by selling your personal data to others. When you use a service, remember that if it’s free: you’re the product. You are pretty much guaranteed that advertisers will get access to you and/or your information.
FI Me To The Moon believes strongly in a world where everyone has 1) full access to their data (to delete, download, etc.) 2) does not need to worry about not knowing how their service uses their personal information and 3) last but definitely not least, can be confident that their information is secure.
For more information about how FI Me To The Moon accomplishes #1 and #2, check out our values and promises. Security is so important, we have dedicated this page to just #3.
Before we go into how we secure your information, let’s start before one line of code was written for FI Me To The Moon. Our founding team has worked at places like Amazon (an industry leader in customer security), Arivale (a health company where data had to be HIPAA compliant), etc. We have absorbed the culture and information from those and many other companies which form the foundation of our promise to you that not only is security at top of our mind, but we’re extending the knowledge learned from these other great security focused companies to this one.
Bird’s Eye View
We have separated this public website that doesn’t offer any actual services and the services themselves so that neither can access the other. This reduces the blast radius so that if this public website were ever compromised, it would be impossible to get at any of our service-related data. This includes running everything in completely different accounts and different networks. In addition to running the properties in isolated environments, each environment has security best practices applied. This means that only things that need to be accessible by the internet are accessible on the internet. Crucial infrastructure like databases and other things that don’t need to be accessed except by internal services are not addressable on the internet, further reducing the potential attack plane.
All communication is secured from end-to-end, including in transit and at rest. This means that all of your data is secured when it leaves you, while it’s in our hands, and when it comes back to you. We explicitly don’t store extremely critical information, for instance we do not directly store your credit card information or bank account credentials in our environment. Any time those are needed, they are given directly to the services that need them after which activities can be done using those things without having access to the credentials themselves. Those company’s entire businesses rely on keeping that information secure.
If you have any security-related questions, please don’t hesitate to reach out. You can email us at firstname.lastname@example.org.