logoFx.io
Back to Home

Security at FX.IO

FX.IO meets enterprise standards for security and compliance, so you can trust your data is protected with industry-leading measures.

We take security very seriously. Below is an overview of our practices and policies to protect your data at all times. We'll update this page as needed to reflect our latest efforts.

Data Handling

Do We Train on Your Data?

No. We do not train on your data. We have opted out of data sharing with our LLM providers.

How Your Data Is Pulled and Stored

Data is retrieved from your connected apps only when you explicitly request it. Conversation history is stored securely and can be deleted anytime via your account settings.

Who Can See Your Data?

Only you and the FX.IO platform have visibility into your data by default. Our team has limited access, strictly for support or troubleshooting purposes, and only with your explicit permission.

Infrastructure Security

Hosting

Our servers run on AWS infrastructure, which undergoes regular third-party security audits (e.g., ISO 27001, SOC 2).

Data Centers

Our primary servers are in AWS's U.S.-based regions.

Data Backups

Encrypted backups are stored in multiple geographic locations and daily automatic backups for disaster recovery.

Authentication and Authorization

Admin Passwords

Admin passwords are hashed with bcrypt, and we never store passwords in plain text.

API Tokens

API keys and tokens are encrypted at rest and never stored in plain text.

Role-Based Access Control (RBAC)

All tokens are assigned specific roles, and users have access only to the data and features they need.

Encryption

In-Transit

All communication between FX.IO, your connected apps, and our LLM providers is protected by TLS (HTTPS).

At Rest

We use industry-standard AES-256 encryption for data at rest, including backups and temporary caches.

Highly Sensitive Data

Private keys, app tokens, and other secrets are encrypted using AES-256 and stored in a secure vault.

Frequently Asked Questions

How Can I Delete My Data?

You can remove conversation history or revoke app connections directly from your FX.IO dashboard at any time.

Can I Control App Permissions?

Yes. You can restrict permissions at the org level, and revoke these permissions at any time in the connections page.

Can FX.IO accommodate specific compliance requirements like GDPR or HIPAA?

We are actively evaluating compliance needs like GDPR, HIPAA, and SOC 2. Contact our sales team at sales@thefx.io to discuss specific compliance requirements.

If you have any other questions or concerns, please reach out to us at security@thefx.io. We're here to help.