Security Contact

Contact Our Security Team

One address reaches the people who can act: security@fintrahub.com. It routes vulnerability reports, privacy and data-subject requests, compliance due diligence, and incident questions directly to Fintra’s security team - monitored continuously, with acknowledgment SLAs we hold ourselves to.

What to send where

security@fintrahub.com is the front door for everything security-shaped. Routing inside is our job, not yours.

  • Vulnerability reports - see the Vulnerability disclosure policy for scope and safe harbor.
  • Privacy and data-subject requests - access, export, correction, deletion.
  • Compliance due diligence - security questionnaires, DPA requests, subprocessor list, SOC 2 alignment documentation.
  • Suspected account compromise or fraud - flagged URGENT in the subject line for priority handling.

Response SLAs

A security contact that doesn’t answer is theater. Our commitments: acknowledgment of vulnerability reports within 2 business days; initial response to privacy requests within 5 business days (statutory clocks like GDPR’s 30 days run from receipt); due-diligence requests answered within 5 business days; suspected-compromise reports triaged same business day. If we need more time on a complex issue, you get a status update rather than silence.

What to include in a report

The more precise the report, the faster the fix. For security issues, include: what you found and where (URL, endpoint, or feature), steps to reproduce, observed vs. expected behavior, any relevant request/response snippets with sensitive values redacted, and how we can reach you for follow-up. Screenshots and timestamps help. For privacy requests, write from the email associated with the account so verification is fast.

Escalation and follow-up

If you believe a report has stalled - no acknowledgment within the SLA or no substantive update in 10 business days - reply on the same thread with ESCALATION in the subject line, and it is raised to security leadership. For active incidents affecting your account, the Status page carries real-time updates alongside direct email notification to tenant admins.

Frequently asked questions

How fast will I hear back?

Vulnerability reports are acknowledged within 2 business days; privacy and due-diligence requests get an initial response within 5 business days; suspected account compromise is triaged the same business day.

Do you support encrypted reporting?

Ask on the thread and we’ll arrange a secure channel for sensitive payloads. Regardless of channel, redact credentials and customer data from initial reports.

Can I use this address for sales or support questions?

Product support and sales move faster through the in-app support channel or hello@fintrahub.com. security@fintrahub.com is reserved for security, privacy, and compliance matters so those never queue behind general mail.

Who reads security@fintrahub.com?

It routes directly to Fintra’s security team - the engineers with authority to triage, patch, and escalate - not a generic ticket pool. That’s why the SLAs are ones we can actually keep.

Questions about security contact?

Our security team answers due-diligence questions directly - documentation, DPAs, and evidence available on request.

Talk to our security team