Security and data protection

finPhlo connects to treasury and bank data, so security is foundational, not an afterthought. This page sets out, plainly, how we host, protect and govern your data, and where we are on certification. If your procurement or IT team needs more detail, contact us and we will help.

Layered security: hosting, encryption, access control, governance

Hosting and infrastructure

finPhlo runs on Microsoft Azure and Supabase, hosted in UK and EU regions. The infrastructure is managed and monitored, with platform updates and patching handled as part of normal operations.

  • Microsoft Azure and Supabase, UK and EU data regions.
  • Managed, monitored infrastructure operated by established cloud providers.
  • Logically separated tenants so customer data is kept apart.

Data protection

Data is protected in transit and at rest, and access is restricted to what each role genuinely needs.

  • Encryption in transit using TLS, and encryption at rest.
  • Role-based, least-privilege access: people and services get only the access their role requires.
  • Single sign-on through the Phlo platform identity (Microsoft identity and Supabase Auth), so access follows your own identity controls.
  • Audit trails recording key actions and changes.
  • Regular backups so data can be recovered.

Data ownership and privacy

Your data is yours. finPhlo processes it only to provide the service to you, and never sells it.

  • You own your data; finPhlo processes it solely to deliver the service.
  • A Data Processing Agreement (DPA) is available on request.
  • Our handling is aligned with UK GDPR and the Data Protection Act 2018.

For more on how we handle personal data, see our privacy policy.

Certifications

ISO 27001: implementation underway

finPhlo's ISO 27001 information security management system is being implemented, with a certification audit targeted for mid-2026. To be clear, this work is in progress and finPhlo is not yet ISO 27001 certified. We will update this page when certification is achieved.

Scope

What finPhlo is, and is not

For a conservative finance audience, it matters to be precise about scope.

finPhlo provides

  • Finance analysis, visibility and reporting across cashflow, FX and facilities.
  • Instruction support, helping your team prepare and track finance actions.

finPhlo does not

  • Hold or custody client funds.
  • Operate as a bank.
  • Provide investment or financial advice.

Responsible disclosure

If you believe you have found a security issue in finPhlo, we want to hear from you. Please report it to hello@phlo.io with enough detail for us to reproduce it. We will acknowledge your report and work with you on a resolution.

Company details

Phlo Systems Limited

  • Company number: 10505838
  • Registered office: 3rd Floor, The News Building, 3 London Bridge Street, London SE1 9SG

Talk to us about security

Need a DPA, a security questionnaire completed, or a deeper review with your IT team? Book a call and we will walk you through it.