Security
Security at Flourish: 5 key pillars
Since day one, security has been a top priority at Flourish. We follow best-in-class security measures to protect our customers' data and assets at all times, focusing on 5 key pillars:
Data
Client data in our production environment is protected at all times with bank-level encryption, and our production environment is protected with strict access controls.
Architecture
Our information systems are designed and built following security best practices and undergo annual penetration testing.
Cloud
We’ve built our platform on Amazon Web Services (AWS) using secure cloud computing patterns and tightly controlled AWS managed services.
Client access
We require modern security features that are designed to safeguard client accounts, including strong passwords, automatic logouts, and mandatory multi-factor authentication.
Compliance
Our products are offered through regulated entities, and we have a dedicated Chief Compliance Officer and compliance team to oversee a comprehensive compliance program.
Here are just a few of the ways we keep your account secure:
Bank-level encryption
All data is encrypted at rest using AES 256-bit encryption and in transit using TLS 1.2
Advanced login protection
We require multi-factor authentication and strong passwords for every client
Vulnerability scanning
We run frequent internal and external security scans and audits of our software and systems
Automatic logout
Clients who are inactive for an extended period of time are automatically logged out to prevent unauthorized account access
Background checks
Everyone on our staff undergoes a criminal background check
Identity verification
We run thorough identity verification checks on new customers to determine whether the identity information provided is valid and whether the person is on certain government sanctions lists
Suspicious activity monitoring
We look for unusual behavior related to transfers and activity
New bank holds
Whenever a client connects a new external bank account to Flourish Cash,1 we send a notification email to the account owner(s) and prevent withdrawals to that bank account for three days
Account notifications
We send notification emails to account owner(s) whenever a transfer is placed, a bank account is added or information about their account is changed
Internal training
All employees go through security awareness training on common information technology risks such as malware and phishing
Dedicated security team
We have a Chief Information Security Officer and internal and external security teams that are constantly evaluating risks and enhancing our security
Paxos: A qualified custodian
Paxos Trust Company provides cryptocurrency execution and custody services for Flourish Crypto.2 As a highly regulated and audited crypto custodian, Paxos was built from the ground up to keep assets secure:
Secured the first New York Department of Financial Services Trust charter for digital assets in 2015
Received both SOC1 and SOC2 Type II certifications, the highest industry standard when it comes to independent verification of security protocols and controls
Institutional-grade hot and cold wallet storage
Client funds are bankruptcy remote, segregated from any corporate assets
Sophisticated security measures, including Multi-party Computation (MPC) signing for warm and hot wallets, and multi-signature signing for cold wallets