Security at Classifi

Encryption in transit & at rest

We encrypt data when it moves between your browser and our servers (in transit) and when it’s stored (at rest). In practice, this means it’s unreadable to anyone but you and authorized systems.

Access controls

Only a small, need‑to‑know team can access production systems—and only for support or maintenance. All access is logged and reviewed.

Your data, your control

Export your records anytime. Delete what you no longer need. You decide who on your team has access and what they can see.

Backups & availability

We take regular backups and monitor uptime. If something goes wrong, our goal is to recover quickly with minimal disruption.

Secure development

We follow secure coding practices, review changes before deployment, and monitor for anomalies. As we grow, we’ll formalize these controls even further.

Compliance posture

We model our practices on SOC‑2 controls (access management, change control, logging). As we scale, we plan to pursue formal SOC‑2 attestation.

Responsible third‑party services

We only work with infrastructure and payment providers that take security seriously. We evaluate vendors for security, reliability, and data handling.

Reporting issues

If you think you’ve found a vulnerability, please email us so we can fix it quickly.

• Security contact: support@classifi.co
• Include steps to reproduce and any relevant screenshots/logs