Contact Our Security Team
One address reaches the people who can act: security@fintrahub.com. It routes vulnerability reports, privacy and data-subject requests, compliance due diligence, and incident questions directly to Fintra’s security team - monitored continuously, with acknowledgment SLAs we hold ourselves to.
What to send where
security@fintrahub.com is the front door for everything security-shaped. Routing inside is our job, not yours.
- Vulnerability reports - see the Vulnerability disclosure policy for scope and safe harbor.
- Privacy and data-subject requests - access, export, correction, deletion.
- Compliance due diligence - security questionnaires, DPA requests, subprocessor list, SOC 2 alignment documentation.
- Suspected account compromise or fraud - flagged URGENT in the subject line for priority handling.
Response SLAs
A security contact that doesn’t answer is theater. Our commitments: acknowledgment of vulnerability reports within 2 business days; initial response to privacy requests within 5 business days (statutory clocks like GDPR’s 30 days run from receipt); due-diligence requests answered within 5 business days; suspected-compromise reports triaged same business day. If we need more time on a complex issue, you get a status update rather than silence.
What to include in a report
The more precise the report, the faster the fix. For security issues, include: what you found and where (URL, endpoint, or feature), steps to reproduce, observed vs. expected behavior, any relevant request/response snippets with sensitive values redacted, and how we can reach you for follow-up. Screenshots and timestamps help. For privacy requests, write from the email associated with the account so verification is fast.
Escalation and follow-up
If you believe a report has stalled - no acknowledgment within the SLA or no substantive update in 10 business days - reply on the same thread with ESCALATION in the subject line, and it is raised to security leadership. For active incidents affecting your account, the Status page carries real-time updates alongside direct email notification to tenant admins.
Frequently asked questions
How fast will I hear back?
Vulnerability reports are acknowledged within 2 business days; privacy and due-diligence requests get an initial response within 5 business days; suspected account compromise is triaged the same business day.
Do you support encrypted reporting?
Ask on the thread and we’ll arrange a secure channel for sensitive payloads. Regardless of channel, redact credentials and customer data from initial reports.
Can I use this address for sales or support questions?
Product support and sales move faster through the in-app support channel or hello@fintrahub.com. security@fintrahub.com is reserved for security, privacy, and compliance matters so those never queue behind general mail.
Who reads security@fintrahub.com?
It routes directly to Fintra’s security team - the engineers with authority to triage, patch, and escalate - not a generic ticket pool. That’s why the SLAs are ones we can actually keep.
Questions about security contact?
Our security team answers due-diligence questions directly - documentation, DPAs, and evidence available on request.
Talk to our security team