Security Policy
Last Updated: 19 March 2026
Our Commitment to Security
FinaviHub takes the security of your personal and financial data seriously. This page describes the technical measures we have in place to protect your information.
What We Protect Your Data With
- Password hashing: Your password is never stored in plain text. We hash it with bcrypt, a one-way password-hashing algorithm, at a high cost factor (12), so even in the unlikely event of a database breach, the stored hash cannot be reversed to reveal your password.
- Encrypted data in transit: All communication between your browser and FinaviHub is encrypted using TLS (HTTPS), which protects your data from being read or altered while in transit.
- Encrypted data at rest: Your data is stored in Neon Database, which encrypts all data at rest using AES-256.
- Secure authentication: We use JSON Web Tokens (JWT) for session management. Tokens are signed when issued and validated on every request.
- Infrastructure security: FinaviHub is hosted on Replit, which provides platform-level infrastructure security including network isolation and DDoS protection.
Account Security
- Passwords must meet minimum strength requirements on registration
- Your actual password is never visible to us or stored in any readable form
- We will never ask for your password via email
Third-Party Providers
We use reputable third-party infrastructure providers to operate FinaviHub:
- Replit — application hosting
- Neon Database — database storage with AES-256 encryption at rest
- OpenAI — AI coaching features (financial data is sent to OpenAI only to generate your coaching responses; it is not used for model training under OpenAI's API terms)
Data Breach Response
In the event of a data breach, we will:
- Assess and contain the breach as quickly as possible
- Notify affected users promptly as required by applicable law
- Report to the relevant supervisory authority within 72 hours where legally required
- Take steps to prevent recurrence
How You Can Protect Your Account
- Use a strong, unique password for your FinaviHub account
- Do not share your account credentials with anyone
- Keep your device's operating system and browser up to date
- Be cautious of phishing — we will never ask for your password via email
- Log out when using a shared or public device
- Contact us immediately if you suspect unauthorised access to your account
Reporting a Security Concern
If you discover a potential security vulnerability or have a concern about the security of your data, please contact us immediately at contact@finavihub.com. We take all reports seriously and will investigate promptly.
Contact
Email: contact@finavihub.com