Committed to Security

At airCFO, we understand the trust our clients put in our team with handling some of their most sensitive data. For this reason, we take great measures to protect both our clients' and our own information. This page outlines our key security measures and practices so you have peace of mind that your information is secure.

Our Security Architecture

Rather than maintaining our own data storage infrastructure, we leverage industry-leading third-party tools and Google's cloud infrastructure. This approach allows us to rely on robust security controls from established companies while layering on additional security protocols specific to our operations.

Data transmitted through email, Google Docs, and Google Sheets are protected through Google Workspace's backup systems, including regular testing and rapid recovery capabilities to maintain continuous data availability. The rest of your financial data is housed in leading FinTech platforms with strong security protections and SOC2 type 2 certifications:

Additional Safeguards

We recognize that the biggest risk vector for a company like airCFO lies in a malicious actor gaining access to a client’s data through physical device theft or social engineering. To mitigate these risks, we’ve implemented multiple layers of security through industry-leading tools:

Device & Access Protections

  • Enterprise Security Suite: SentinelOne for advanced threat protection and regular automated security assessments, and Cisco Umbrella for DNS-level security
  • Device Management: Kandji for endpoint management and automated compliance checks, enforcing full device encryption
  • Access Control: 1Password for password management and multi-factor authentication across all systems, and Google Workspace for secure collaboration

Incident Response & Recovery

  • Clear procedures for handling security events
  • Well-defined communication protocols for quick notification
  • Regular testing of recovery capabilities

Our People Make Security Personal

Security isn't just about technology – it's about people. Our team is committed to protecting your data through:

  • Continuous Education: Regular security awareness training via the KnowBe4 platform
  • Team Verification: Comprehensive background checks for all team members
  • Policy Management:
    • Clear confidentiality agreements
    • Regular policy reviews and updates
    • Ongoing security procedure assessments

About SOC2

We often get asked whether airCFO is SOC2 compliant; we understand this is a common standard for technology companies to comply with. In 2024, we worked with an InfoSec partner to evaluate our security framework and implement controls most relevant to our data infrastructure. Since we operate airCFO entirely through third-party tools (Google, Slack, QBO, etc.) and don’t store/transmit data through our own platform, we determined that SOC2 compliance isn’t a relevant yardstick for measuring our security.

Instead, we focus on practical security measures that directly enhance our security posture rather than pursuing certifications that may not actually help keep client data protected. So, while we aren’t officially SOC2 certified, we’ve taken the necessary precautions to prevent our clients’ data from falling into the wrong hands.

Security Inquiries

For detailed questions about our security practices or to request specific security documentation, please contact your airCFO representative. We are committed to maintaining transparent communication about our security practices while protecting the confidentiality of our specific security controls.

This document provides a high-level overview of airCFO's security practices. Specific security controls and procedures are subject to change as we continuously improve our security posture.