The communication between the AI assistant and Fi MCP uses HTTPS/TLS to encrypt the data in transit.
Access to the MCP server is granted only after a TOTP-based authentication. Once authenticated, the AI assistant receives a temporary token to access the financial data. This token is short-lived and invalidated automatically after a brief period of time.
Additionally, we regularly conduct independent security audits and third-party penetration tests to proactively identify security issues, validate security controls, and ensure the highest security standards for our application and infrastructure.