How Fego secures you

Data privacy

We ensure that all data is encrypted both in-transit &-at rest and that no data is shared between tenants in a multi-tenancy setting, with fine-grained access controls.

Built-in security

Built-in redundancies to ensure compliance and future-proof applications for safe onboarding, authentication and access to financial data.

Fraud prevention

Fego secures your users, assets and data with robust data-governance and fraud monitoring policies by maintaining high data-quality standards and providing standard-based data access.

Security Information and Event Management (SIEM)

By identifying possible security threats and vulnerabilities before they have a chance to impact business operations, SIEM helps to minimise risks while boosting efficiency.

Operations Management

Governance
  • Hosting
    Hosting provider is PCI-DSS certified and SOC2 compliant (Amazon Web Services)
  • Transmission Security
    All data served via our REST API uses HTTPS. We regularly audit our security setup to ensure the certificates we serve are up-to-date and we encourage partners to use the same methods to ensure that the information is encrypted throughout.
  • Logging
    We log all API calls and track the interactions with Fego API for later review.
  • Application Security
    Frequent and dynamic testing of application security exceeds the requirements of the Data Protection Bill and the Information Technology Act, 2000.
Communication
  • Whitelisting of IP addresses 
  • HTTPS encryption with 256-bit keys      
  • Multi-Factor Authentication (MFA)
Storage
  • Clients and end-users cannot access sensitive data stored on a highly protected virtual private cloud infrastructure
  • Hardware encryption with AES-256
  • End-user sensitive information is not accessible
Policies
  • SOC2 Compliant Emergency Data Incident Response
  • Logical Access Control System  
  • Physical Access and Environment Control     
  • Risk Management Policy  
  • Change Management Policy for SOC 1 & 2

Robust Compliance & Certification

GDPR
AUJAS
SOC Type 1
SOC Type 2
VAPT
* some under process

Security Architecture

Still have questions or concerns?

If you think you might have discovered a security vulnerability within Fego, please talk directly to our Information Security team.

Every company will be a fintech company

We are at the forefront of making finance relevant and simple for every Indian. Build better products by tapping into the Account Aggregation Framework.