Security at Hola Finance

We take security seriously and implement industry-standard practices to protect your data. Your trust is important to us, and we're committed to maintaining a secure platform.

Our Security Measures

Transport Encryption

All data transmitted to and from Hola Finance is encrypted using TLS (Transport Layer Security) with modern cipher suites.

  • HTTPS/TLS 1.2+ enforced
  • HSTS (HTTP Strict Transport Security)
  • Modern cipher suite configuration

Data at Rest

Sensitive credentials are encrypted at rest. Business records are protected by access controls and infrastructure security.

  • Passwords hashed using industry-standard algorithms
  • API keys and OAuth tokens encrypted
  • Database access controls and segmentation

Access Controls

We implement role-based access control and least-privilege principles for our systems and staff.

  • Role-based access control (RBAC)
  • Mandatory MFA/2FA for staff accounts
  • Time-bound, logged privileged access
  • Periodic access reviews

Infrastructure Security

Our infrastructure is hosted in the EU with security measures including firewalls, network segmentation, and DDoS protection.

  • EU-based hosting (preference: Germany)
  • Network segmentation and firewalls
  • WAF/CDN and DDoS protection
  • Regular security patching

Monitoring & Logging

We maintain security event logging and anomaly detection to identify and respond to potential security incidents.

  • Security event logging
  • Anomaly detection and alerting
  • Tamper-resistant audit logs
  • On-call incident response

Backups & Recovery

We maintain encrypted backups with geographically separate storage and periodic restore testing.

  • Encrypted backup storage
  • Geographically separate backup locations
  • Periodic restore testing
  • Business continuity procedures

Your Security Responsibilities

Shared Responsibility Model

Security is a shared responsibility. While we secure our platform, you are responsible for:

1. Credential Security

Keep your passwords, API keys, and tokens secure. Use strong, unique passwords and enable two-factor authentication.

2. Account Activity

Monitor your account for unauthorized activity and report any suspicious behavior immediately.

3. Data Backups

While we maintain regular backups, we recommend keeping your own copies of critical business records as an additional safety measure.

4. Access Management

Control who has access to your account and linked accountants. Review permissions regularly.

5. Device Security

Keep your devices secure with up-to-date software and antivirus protection, and avoid accessing Hola on public or untrusted networks.

6. Integration Security

Review and understand the security implications of third-party integrations you enable.

Responsible Disclosure

Report Security Vulnerabilities

If you discover a security vulnerability in Hola Finance, please report it responsibly. We appreciate your help in keeping our platform secure.

How to Report

  • Email us at [email protected] with subject "Security Vulnerability"
  • Provide detailed information about the vulnerability and steps to reproduce
  • Do not publicly disclose the vulnerability until we have addressed it
  • Do not test vulnerabilities on production systems without prior written permission

We will acknowledge receipt of your report and work to address verified vulnerabilities as quickly as possible. Please allow us reasonable time to investigate and remediate before public disclosure.

Compliance & Standards

GDPR Compliant

We comply with the EU General Data Protection Regulation and handle your data in accordance with our Privacy Policy.

Data Localization

Primary data storage in the EU (Germany) with appropriate safeguards for any extra-EEA processing.

Industry Standards

We follow industry best practices for SaaS security, including OWASP guidelines and secure development practices.

Incident Response

In the event of a security incident that affects your data, we will:

1. Rapid Assessment

Quickly assess the scope and impact of the incident using our on-call incident response procedures.

2. Containment & Remediation

Take immediate steps to contain the incident and prevent further unauthorized access or data loss.

3. Notification

Notify affected customers and, where required by law, regulatory authorities within the legally mandated timeframes.

4. Post-Incident Review

Conduct a thorough review to understand root causes and implement measures to prevent recurrence.

Security Best Practices

To keep your account secure, we recommend using a strong, unique password and enabling two-factor authentication when available. As with any business-critical system, maintaining your own backups of important records is a good practice. For full details on our security commitments and policies, see our Terms of Service and Privacy Policy.

Security Questions?

If you have questions about our security practices or need to report a security concern, please contact us.