Security Policy

Fractionalize has taken all necessary precautions to preserve the security of personal data and, in particular, to prevent it from being accessed by unauthorized third parties, distorted, or damaged.

These measures include the following:

  • Multi-level firewall.
  • Proven solutions for anti-virus protection and detection of intrusion attempts.
  • Encrypted data transmission using SSL/https/VPN technology.
  • Tier 3 and PCI DSS certified data centers.

In addition, access to processing data on behalf of Fractionalize by the receiving third-party services requires authentication of the persons accessing the data, by means of an individual access code and password, that is sufficiently robust and regularly renewed.

Data transmitted over unsecured communication channels is subject to technical measures designed to make such data incomprehensible to any unauthorized person.

Data Center Security

  • We use multiple MTAs, placed in different world-class data centers around the United States.
  • Our data centers manage physical security 24/7 with biometric scanners and the usual high tech stuff that data centers always brag about.
  • We have DDOS mitigation in place at all of our data centers.
  • We have a documented infrastructure continuity plan.

Protection from Data Loss, Corruption

  • User accounts are segregated from each other through multiple layers of logic which prevent corruption and overlap
  • Fractionalize technology infrastructure includes network devices such as firewalls, and IDS/IPS tools which are strategically placed to control and monitor network traffic for data loss and corruption
  • Account data is mirrored and regularly backed up off site.

Application Level Security

  • Fractionalize account passwords are hashed. Our own staff can't even view them. If you lose your password, it can't be retrieved—it must be reset.
  • All login pages (from our website and mobile website) pass data via TLS 1.2 or higher.
  • The entire Fractionalize application is encrypted with TLS 1.2 or higher.
  • Login pages and logins via the Fractionalize API have brute force protection.
  • We provide the ability to enable email or SMS notifications about key activity.
  • We provide the ability to enable two-factor (2FA) authentication to your Fractionalize account.
  • We perform regular external and internal security penetration tests throughout the year using different vendors. The tests involve high-level server penetration tests, in-depth testing for vulnerabilities inside the application, and social engineering drills.
  • The findings of our pen-testing results are kept strictly confidential. We can confirm that any findings are addressed and repaired.

Internal IT Security

  • Fractionalize offices are secured by keycard access and biometrics, and they are monitored with infrared cameras throughout.
  • Fractionalize facilities have at least one staffed guard station/receptionist area on premise.
  • We constantly monitors our environment for vulnerabilities and perform penetration testing and social engineering exercises on our environment and our employees.

Employee Security & Safeguards

  • We continuously train employees on best security practices, including how to identify social engineering, phishing scams, and hackers.
  • Employees on teams that have access to customer data (such as tech support and our engineers) undergo criminal history and credit background checks prior to employment.
  • All new hires and contingent workers are required to sign Non-Disclosure and Confidentiality Agreements. Additionally they are required to attend and certify completion of training on Intuit's Code of Conduct and information security policies including acceptable use.
  • In order to protect our company from a variety of different losses, Fractionalize has established a comprehensive insurance program. Coverage includes, but is not exclusive to: coverage for cyber incidents, data privacy incidents (including regulatory expenses), general error and omission liability coverage, excess cyber liability coverage, property and business interruption coverage, as well as international commercial general liability coverage.

SOC II & III Compliant

We also perform annual SOC II & III audits. We provide our SOC reports upon request and completion of an NDA.

ISO 27001 Certification

The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers, and data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touchpoint audits (surveillance audits).

Safeguarding Your Account

  • We monitor and will automatically suspend accounts for signs of irregular or suspicious login activity.
  • We monitor accounts and campaign activity for signs of abuse.
  • Certain changes to your account, such as to your password, will trigger email notifications to the account owner.
  • We provide the ability to enable email or SMS notifications about key activity.
  • We provide the ability to enable two-factor (2FA) authentication to your Fractionalize account.
  • We provide the ability to establish tiered-levels of access within accounts.