Security

Security built for program data

FundFlow follows the AWS Shared Responsibility Model: AWS secures the cloud, FundFlow secures what runs in it, and we give clients the controls and audit trail their reviews require.

Controls

Defense in depth, end to end

The controls below are implemented in infrastructure templates, application code, and CI/CD workflows.

Layered authentication

HMAC-signed internal requests, Auth0 RS256 JWTs validated against cached JWKS, and a database-backed role lookup — browser-controlled role state is never trusted.

Database-backed RBAC

A valid token alone never grants access. Roles follow a strict hierarchy from superadmin down to readonly, enforced server-side on every request.

Encryption of sensitive data

PII and Plaid tokens are encrypted at the application layer (Fernet/AES) before storage, with TLS and HSTS protecting data in transit.

Private compute & perimeter

Fargate tasks run in private subnets with no public IP, segmented security groups, and AWS WAF rate limiting on sensitive endpoints.

Secrets management

Secrets live in SSM Parameter Store scoped per environment and are injected at launch — never hard-coded — with gitleaks scanning the full history.

Supply-chain scanning

CodeQL SAST, Trivy image scanning, and pip-audit / pnpm audit run as hard-fail gates in CI/CD before code reaches production.

Logging & monitoring

Structured request logging with correlation IDs, CloudWatch dashboards, and pre-migration database snapshots for safe schema changes.

Audit trail

Entity-level audit logs and user activity history make every decision and change reviewable for compliance and due diligence.

Shared responsibility, made explicit

AWS secures the physical and managed infrastructure. FundFlow secures identity, network, data, and application logic. Clients and white-label partners own user provisioning, role assignment, credential protection, and the accuracy of the data they submit. We document where each responsibility sits so security reviews have a clear, honest starting point.

Bring your security questions

We're happy to walk through our posture, controls, and shared-responsibility model with your security team.

Security | FundFlow