FiniteSkills content

Security & Trust Center

You are trusting FiniteSkills with your organization’s email, files and conversations. This page explains, in plain language, how we protect them.

Encryption

In transit

All connections to FiniteSkills web apps and APIs use HTTPS/TLS. Mail submission and retrieval use TLS on standard secure ports (SMTPS, submission with STARTTLS, IMAPS).

Email authenticity

Outbound mail is signed with DKIM and protected by SPF and DMARC policies, which protects your domain’s reputation and helps your mail reach the inbox.

At rest

Application data is stored on access-controlled servers that we operate. Chat message content is stored encrypted, and access to production storage is limited to authorized administrators only.

Tenant isolation

Every FiniteSkills workspace is scoped to its organization. Mail, files, chats, meetings, CRM and ERP records carry the organization’s identity, and the application layer enforces that users can only reach records belonging to their own organization. Cross-organization access attempts are denied and tested as part of our release checks.

Infrastructure and operations

  • Hardened servers: production servers use key-only SSH (passwords disabled), default-deny firewalls, intrusion-protection (fail2ban) and rate limiting at the web tier.
  • Least-privilege access: administrative interfaces are restricted to named administrators and, where applicable, to specific source networks.
  • Patching: servers run current operating systems with unattended security updates enabled.
  • Spam and abuse protection: inbound mail is filtered (rspamd) and the platform applies automated spam and abuse guards on public forms and comments.

Backups and continuity

  • Production data is backed up on an automated schedule, with copies replicated to separate offsite storage.
  • Backups are verified with integrity checks, and restore procedures are rehearsed against real backup snapshots.
  • Every release is deployed with a rollback snapshot so a faulty update can be reversed quickly.

Release discipline

Every production deployment passes an automated QA suite — health checks, authentication and authorization tests, organization-isolation tests and feature smoke tests — before and after going live. Service logs are reviewed after each deployment.

Data location and ownership

  • Your organization owns its data. You can export mailboxes (standard IMAP), download files and remove your data when you leave.
  • We never sell customer data. Our use of data is described in the Privacy Policy.
  • For data-processing questions or agreements required by your compliance team, contact support@finiteskills.com.

Reporting a vulnerability

If you believe you have found a security issue in any FiniteSkills service, please email support@finiteskills.com with the details. We acknowledge security reports promptly, investigate every report, and ask that you give us reasonable time to remediate before public disclosure.

Start a free trialRead the Privacy Policy
Finite Skills support Leave a message

Our support team replies here as soon as possible. Add your email to get the reply in your inbox too.