About Us
Features
Pay with Fi
Automate
Rewards
Borrow
Resources
Scan QR to get the Fi app
About Us
Features
Pay with Fi
Automate
Rewards
Borrow
Resources
Scan QR to get the Fi app
Security
Epifi Technologies Private Limited (epiFi or Company) is a fintech company providing financial solutions and services. We believe that our customers (You) should remain convinced their data is in safe hands. This page speaks about our security practices and how we maximise the safety of your data.
Cloud Infrastructure
Host Security
Data Security
Incident and Change Management
Vulnerability Assessment and Penetration Testing
Responsible Disclosure
Privacy Practices
We aim for the highest standards of safety, security and confidentiality when using your data. This policy also describes how we securely collect and preserve your information.
TL;DR: We have deployed state-of-the-art infrastructure audited by industry experts (like BishopFox) to ensure maximum security of your data. But here are the details for each section -
Cloud Infrastructure ☁️
We host our website on Amazon Web Services (AWS), which provides a secure and scalable technology platform.
Our infrastructure is launched in compliance with AWS’ Well-Architected Framework and incorporates best practices from the AWS Cloud Adoption Framework from the security perspective.
All communication between the Platform and our servers stay protected via 256bit encrypted HTTPS protocol. Anyone or anything, including a supercomputer that attempts to pry, may take years to get the decryption combination using a trial-error method.
We use HTTPS protocol for our website and mobile applications (referred to as “Platform”). It lets us securely transmit sensitive data over the internet.
To improve cybersecurity, we also have strict network segmentation and isolation of environments and services in place. Translation: During untoward scenarios, we can limit the impact within tiny sections while the overall system remains unaffected.
Host Security 🔒
We use industry-leading solutions around anti-virus, anti-malware, intrusion prevention systems, and intrusion detection systems. We also apply the same standards for file integrity monitoring, application control, application and audit log aggregation, and automated patching.
All our servers are secured and hardened as per the Center for Internet Security (CIS) Benchmarks.
All our servers are secured and hardened as per the Center for Internet Security (CIS) Benchmarks.
Data Security 💾
The user log-in is based on two-factor authentication on the Fi website and mobile application. All user data and internally stored data is encrypted at rest and in transit. Sensitive data is encrypted at the application level in addition to Transport Layer Security (TLS).
We employ separation of environments, network segregation, segregation of duties, and strict role-based access control on a documented, authorised & need-to-use basis.
We use key management services to limit access to information, except for the data team.
We only use anonymised and aggregated data for internal analytics and business intelligence purposes.
We use data replication for data resiliency and disaster recovery; snapshotting for data durability, and backup/restore testing for data reliability.
Incident and Change Management ✍️
We have deployed mature processes around change management, enabling us to release thoroughly tested features for you both reliably and securely.
We have a very aggressive stance on Incident Management on both Systems downtime and Security and Network Operations Center. We have an Information Security Management System that quickly reacts, remediates or escalates any incidents arising out of planned or unplanned changes.
We have a very aggressive stance on Incident Management on both Systems downtime and Security and Network Operations Center. We have an Information Security Management System that quickly reacts, remediates or escalates any incidents arising out of planned or unplanned changes.
Vulnerability Assessment and Penetration Testing 🔎
We have an in-house network security team which uses industry-leading products to conduct manual and automated Vulnerability Assessment and Penetration Testing activities
We employ both static application security testing and dynamic application security testing. Both get incorporated into our continuous integration / continuous deployment pipeline
We will bring in auditors certified by Computer Emergency Response Team (CERT-IN) to do periodic external testing and audits.
We employ both static application security testing and dynamic application security testing. Both get incorporated into our continuous integration / continuous deployment pipeline
We will bring in auditors certified by Computer Emergency Response Team (CERT-IN) to do periodic external testing and audits.
Responsible Disclosure ✔️
All of us at Epifi (Epifi Technologies Private Limited) are committed to our user's data and privacy.
We blend security at multiple steps within our products with state-of-the-art technology to ensure our systems maintain strong security measures.
The overall data and privacy security design allow us to defend our systems from various attacks.
You could submit a bug report to us at security@fi.money with detailed steps required to reproduce the vulnerability.
We shall put the best of our efforts to investigate and fix the legitimate issues in a reasonable time frame – while requesting you not to disclose it publicly.
Privacy Practices 🔑
We will never rent or sell your information or data to anyone. We never use or transfer your data for serving ads, including retargeting, personalised, or interest-based advertising. We will use your data for legitimate purposes only while safeguarding your privacy concerns.
We will never provide any part of your information to anyone unless explicitly agreed by you. We would be sharing your information primarily with
We will never provide any part of your information to anyone unless explicitly agreed by you. We would be sharing your information primarily with
a. members of epiFi (including our affiliates/subsidiaries and business partners) for providing you content, products, customer support etc.
b. financial institutions and partner banks and the like.
By way of example, some of the uses of your Personal Data would include
a. Providing additional services, including customer support
c. Contacting you through a voice call or SMS or email
b. Processing transactions and verifying your identity (including during account creation and password reset processes)
d. Providing, and customising, offers for you
You have the right to de-link your Gmail account with the application at any time and/ or delete account information obtained from Gmail by writing to privacy@fi.money.
Please refer to our Privacy Policy for more information.
Please refer to our Privacy Policy for more information.
Know your money
Automate
Pay with Fi
Resources
Pronounced Fī(-ē) and sounds like
hi
sky
tie
fly
Contact Fi Money customer care
Fi is a money management platform that re-imagines the banking experience in India. The Fi-Federal Savings Account, is a digital bank account that gives you the fastest way to open a bank account online.
You can do everything from the Fi App, including p2p payments, fund transfers, bill payments, and more, with features to automate every action. You also get a Fi-Federal co-branded Debit Card, spends insights and tools to grow your investment and earn rewards.
Disclaimer: You may have noticed some brand logos used on this website to indicate where you, as a user, may or may not have spent money. We don’t endorse these brands. Nor do these brands endorse us. The logos of the specific brands are owned by them.
© epiFi Wealth Pvt. Ltd. 2023
© epiFi Technologies Pvt. Ltd. 2023