Compliance & Operational Resilience

FINTEXIS SRL is committed to maintaining the highest standards of operational resilience, data protection, and regulatory compliance in alignment with EU regulations.

Last compliance review: February 2026

DORA Compliance

Digital Operational Resilience Act (Regulation (EU) 2022/2554)

ICT Risk Management

We maintain a comprehensive ICT risk management framework that identifies, assesses, and mitigates risks to our digital operations. Our framework includes regular risk assessments, documented risk tolerance levels, and continuous monitoring of our ICT infrastructure.

Third-Party ICT Risk Management

We maintain a register of all third-party ICT service providers and conduct due diligence on their operational resilience:

  • Vercel Inc. — Hosting and edge delivery platform. SOC 2 Type II certified. EU data processing.
  • Supabase Inc. — Authentication and database services. SOC 2 Type II certified. Encrypted data at rest and in transit.
  • Cloudflare Inc. — CDN and DDoS protection. ISO 27001 certified. Global edge network.

Incident Management

We maintain documented procedures for detecting, managing, and reporting ICT-related incidents. Our incident response plan defines severity levels, escalation procedures, communication protocols, and a post-incident review process. Incidents that meet DORA's major ICT-related incident classification thresholds are reported to the competent authority within the timeframes the regulation prescribes.

Business Continuity

Our business continuity plan ensures service availability through redundant infrastructure, automated failover mechanisms, regular backups, and documented recovery procedures. We maintain a Recovery Time Objective (RTO) and Recovery Point Objective (RPO) appropriate to our service commitments.

Resilience Testing

We conduct regular testing of our digital operational resilience including vulnerability assessments, penetration testing, and disaster recovery simulations. Testing results are documented and used to continuously improve our security posture.

Data Protection

GDPR Compliance

As an EU-based company, we fully comply with the General Data Protection Regulation (Regulation (EU) 2016/679). We process personal data lawfully, transparently, and for specified purposes. Data subjects may exercise their rights by contacting info@fintexis.com.

Security Measures

  • TLS encryption for all data in transit
  • Encryption at rest for stored personal data
  • HTTP security headers (HSTS, CSP, X-Frame-Options)
  • Authentication via the authorization code flow with PKCE
  • Row-level security (RLS) policies on database tables
  • Regular security audits and dependency monitoring
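As an added example, not FINTEXIS's own tooling or configuration, the Node.js script below audits a set of HTTP response headers against the header controls listed above: HSTS with a max-age of at least one year and includeSubDomains, a CSP that sets default-src and whose effective script-src does not allow 'unsafe-inline', and a clickjacking control via either X-Frame-Options or CSP frame-ancestors. The two header sets are constructed for the example, and the one-year HSTS threshold is common hardening guidance rather than a requirement stated on this page.

```javascript
// Added example: audit the security headers named on this page.
// Header values and thresholds are assumptions for illustration.

const ONE_YEAR = 31536000; // seconds; common minimum for HSTS max-age (assumed guidance)

// Parse a CSP string into a Map of directive name -> array of source tokens.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Parse an HSTS value into { maxAge, includeSubDomains, preload }.
function parseHsts(value) {
  const out = { maxAge: null, includeSubDomains: false, preload: false };
  for (const part of value.split(';')) {
    const token = part.trim();
    const m = /^max-age\s*=\s*"?(\d+)"?$/i.exec(token);
    if (m) out.maxAge = Number(m[1]);
    else if (/^includesubdomains$/i.test(token)) out.includeSubDomains = true;
    else if (/^preload$/i.test(token)) out.preload = true;
  }
  return out;
}

// headers: object keyed by lower-case header name -> string value.
// Returns an array of finding strings; an empty array means every check passed.
function auditSecurityHeaders(headers) {
  const findings = [];
  const get = (name) => headers[name.toLowerCase()];

  // HSTS: present, long max-age, covers subdomains.
  const hsts = get('strict-transport-security');
  if (!hsts) {
    findings.push('HSTS: header missing');
  } else {
    const h = parseHsts(hsts);
    if (h.maxAge === null || h.maxAge < ONE_YEAR)
      findings.push(`HSTS: max-age below one year (${h.maxAge})`);
    if (!h.includeSubDomains) findings.push('HSTS: includeSubDomains missing');
  }

  // CSP: default-src set, script sources do not permit inline/eval/wildcard.
  const csp = get('content-security-policy');
  const directives = csp ? parseCsp(csp) : new Map();
  if (!csp) {
    findings.push('CSP: header missing');
  } else {
    if (!directives.has('default-src')) findings.push('CSP: default-src missing');
    // script-src falls back to default-src when absent.
    const scriptSrc = directives.get('script-src') || directives.get('default-src') || [];
    for (const bad of ["'unsafe-inline'", "'unsafe-eval'", '*', 'data:']) {
      if (scriptSrc.includes(bad)) findings.push(`CSP: script-src allows ${bad}`);
    }
  }

  // Clickjacking: need X-Frame-Options or CSP frame-ancestors.
  const xfo = get('x-frame-options');
  if (!xfo && !directives.has('frame-ancestors'))
    findings.push('Clickjacking: neither X-Frame-Options nor CSP frame-ancestors set');
  if (xfo && !/^(DENY|SAMEORIGIN)$/i.test(xfo.trim()))
    findings.push(`X-Frame-Options: unexpected value "${xfo}"`);

  return findings;
}

// Constructed sample header sets (not captured from any real site).
const WEAK_HEADERS = {
  'strict-transport-security': 'max-age=3600',
  'content-security-policy': "script-src 'self' 'unsafe-inline'",
};

const HARDENED_HEADERS = {
  'strict-transport-security': 'max-age=63072000; includeSubDomains; preload',
  'content-security-policy': "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
  'x-frame-options': 'DENY',
};

console.log('weak:', auditSecurityHeaders(WEAK_HEADERS));
console.log('hardened:', auditSecurityHeaders(HARDENED_HEADERS));
```

Run with `node audit-headers.js`; to check a live deployment, replace the constructed objects with the headers from an HTTPS response (lower-cased names) and treat any non-empty result as a finding to fix.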

Security Disclosure

If you discover a security vulnerability, please report it responsibly to security@fintexis.com. We investigate every report and address confirmed vulnerabilities promptly.