Fignis is used to model sensitive financial decisions. We protect that work with strong encryption, hardened browser controls, secure authentication, account boundaries, disciplined operations, and a clear rule: we do not sell your planning data.
Fignis scores A+ on SSL Labs and 10/10 on MDN Observatory. Those results depend on modern HTTPS, strong TLS, HSTS, a restrictive Content Security Policy, MIME-sniffing protection, and careful cross-origin rules.
Many sites stop at basic HTTPS. Fignis goes further by making these controls explicit, measurable, and continuously verifiable with independent public scanners.
All traffic is served over HTTPS with a hardened TLS configuration.
TLS encrypts the connection between your browser and Fignis. We support only current TLS versions, so weaker connection methods are not accepted.
Fignis uses security headers that tell browsers how pages may load resources, where they may be embedded, and how sensitive content should be handled.
These controls reduce exposure to content injection, clickjacking, MIME-type confusion, and cross-origin leakage.
Fignis supports social login and email-based accounts.
For email-based accounts, passwords are protected using one-way hashing and salting before they are stored. For Google sign-in, Fignis never receives or stores your Google password; Google verifies your identity and Fignis uses that verified sign-in to create a secure session.
Fignis keeps planning data separated by account at the application and database access layer, so data is only available within the account it belongs to unless access is intentionally shared.
We treat this information as private financial planning data, use it only to provide, secure, support, and improve the service, and do not sell your planning data.
Fignis stores and manages its application data on infrastructure we control, instead of relying on shared third-party application platforms for core data handling.
We limit access to systems and credentials, manage infrastructure through controlled processes, monitor reliability and security signals, and review changes before they reach users.
Security scores are useful because they make important controls visible and testable.
We treat them as a baseline to maintain, not a one-time badge. As standards evolve, we review our configuration and update it where needed.
For security questions or vulnerability reports, email us at [email protected].
