Security Policy

Last updated: January 13, 2026
Security practices for FinOps AI and every service operated by HostingX Solutions LLC. For vulnerability reports, email security@hostingx.co.il.
HostingX Solutions LLC · LLC No. 0008072296 · Founded 2026 · Registered in New Mexico, USA · 8206 Louisiana Blvd NE, Suite A #8186, Albuquerque, NM 87113, United States

1. Our Security Commitment

HostingX Solutions LLC is committed to protecting the confidentiality, integrity, and availability of our clients' data and systems. Security is embedded in every aspect of our service delivery.

2. Data Protection

Encryption

  • All data in transit protected with TLS 1.3
  • Data at rest encrypted with AES-256
  • Encrypted backups with secure key management
  • End-to-end encryption for sensitive communications

Access Controls

  • Least-privilege access model
  • Multi-factor authentication (MFA) required for all accounts
  • Role-based access control (RBAC)
  • Regular access reviews and revocation
  • Segregation of duties for critical operations

3. Infrastructure Security

Cloud Security

  • Infrastructure hosted in SOC 2 certified data centers
  • Network segmentation and isolation
  • Web Application Firewall (WAF)
  • DDoS protection and mitigation
  • Regular security hardening

Container & Kubernetes Security

  • Pod security policies and admission controls
  • Container image scanning (Trivy, Grype)
  • Runtime security monitoring
  • Network policies and service mesh
  • Secrets management (HashiCorp Vault, AWS SSM)

4. Application Security

Development Practices

  • Secure Software Development Lifecycle (SSDLC)
  • Code review requirements
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Dependency scanning and vulnerability management

CI/CD Security

  • Pipeline security scanning
  • Signed container images (Cosign / Sigstore)
  • Immutable infrastructure
  • Automated compliance checks
  • GitOps with audit trails

5. Vulnerability Management

  • Continuous vulnerability scanning
  • Risk-based prioritization
  • 24-hour patching for critical vulnerabilities
  • 7-day patching for high-severity issues
  • Monthly security updates
  • Coordinated disclosure program

6. Monitoring & Incident Response

24/7 Security Operations

  • Real-time security monitoring (SIEM)
  • Intrusion detection / prevention systems (IDS/IPS)
  • Log aggregation and analysis
  • Anomaly detection and alerting
  • Automated threat response

Incident Response

  • Documented incident response plan
  • 1-hour notification for security incidents
  • Forensic investigation capabilities
  • Post-incident reviews and improvements
  • Communication protocols with affected parties

7. Compliance & Auditing

Standards & Frameworks

  • Aligned with SOC 2 Type II requirements
  • CIS Benchmarks for infrastructure hardening
  • OWASP Top 10 mitigation
  • NIST Cybersecurity Framework
  • ISO 27001 control implementation (planned)

Audit & Logging

  • Comprehensive audit logging
  • Tamper-proof log storage
  • 90-day log retention (longer for compliance)
  • Regular security audits
  • Third-party penetration testing (annual)

8. Employee Security

  • Background checks for all employees
  • Security awareness training
  • Signed confidentiality agreements
  • Clean desk and screen policies
  • Secure remote work practices

9. Vendor Security

  • Security assessment for all vendors
  • Data Processing Agreements (DPAs)
  • Regular vendor reviews
  • Subprocessor documentation
  • Supply chain risk management

10. Business Continuity

  • Disaster recovery plan with 4-hour RTO
  • Automated backups (hourly snapshots, daily full)
  • Multi-region redundancy
  • Failover procedures tested quarterly
  • Data retention policies

11. Client Responsibilities

Clients should:

  • Use strong, unique passwords
  • Enable MFA on all accounts
  • Protect API keys and credentials
  • Report security concerns promptly
  • Follow security best practices
  • Conduct their own security assessments

12. Security Reporting

Report security issues:

  • Email: security@hostingx.co.il
  • PGP key available upon request
  • Coordinated disclosure: 90-day window
  • Recognition for responsible disclosure

We do not support bug bounties but appreciate responsible disclosure.

13. Contact

  • Security questions: security@hostingx.co.il
  • General inquiries: legal@hostingx.co.il
  • FinOps AI inbox: hello@getfinops.cloud