SECURITY
Technology that puts security and data protection first
We streamline indirect tax compliance while mitigating risk and maximising data security.
Certified to ISO 27001 standards
Fintua is certified to ISO 27001, the global standard for managing information security. This means we handle your data securely, in line with GDPR and other data protection laws.
This is more than a certificate – it’s our commitment to doing things right. We regularly update security policies, train our teams, test our systems and carry out both internal and external risk assessments to stay ahead of potential threats.
You can trust your data is in safe hands – with security built into everything we do.


SOC 2 Type II certified
We are proud to maintain a fully compliant SOC 2 Type II report with no exceptions.
This certification reinforces the strength of our security, quality, processing integrity and operational processes across the business.
One secure platform
Our platform is built on a multi-tenant architecture, with strict data filters in place. Access is controlled based on user roles and permissions – so the right people see the right data and nothing else.
We use TLS 1.2 encryption to protect data in transit. This means your information stays secure, even as it moves between systems.
Fintua partners with a trusted hosting provider, AWS. AWS facilities are certified to ISO 27001, ISO 22301, ISO 27017 and ISO 27018, and maintain SOC 1 Type II and SOC 2 Type II reports.
For us, security isn’t an add-on – it’s built into everything we do.


Proactive security monitoring and incident response
Our Security Operations Centre monitors systems 24/7, ensuring we can respond fast if something goes wrong.
We have a clear, documented incident management process, with defined severity levels and escalation paths – so every incident is handled with the right level of urgency.
Data protection and compliance
Our solutions are designed to minimise data risk from the outset. Our Recover solution requires only limited Personally Identifiable Information (PII) and Comply operates without any PII at all. We retain data only for as long as necessary, in line with defined timelines and regulatory requirements.
Headquartered in Ireland, we operate under the General Data Protection Regulation (GDPR) and comply with all local data protection laws in the regions we serve.
We apply strong technical and organisational controls, audited bi-annually under our ISO 27001 certification, and we maintain a SOC 2 Type II report.
Data protection is a part of our culture. All employees complete mandatory training each year, with regular updates from our Data Protection Officer to keep awareness high.
