Security Policy



This Security Policy was last updated on Jan 13, 2024.

Product Security

At Oltre Financial, we take the security of our users' passwords and credentials seriously. We have implemented the following measures to ensure the safety and integrity of your information.

Password Complexity Standard

We enforce a password complexity standard to ensure that your passwords are strong and resistant to brute-force attacks. When creating an account or updating your password, we require a combination of uppercase and lowercase letters, numbers, and special characters.

Auth0 User Account Management

All user accounts at Oltre Financial are managed by Auth0, a trusted and secure identity management platform. Auth0 ensures that user authentication and authorization processes are handled securely and efficiently, protecting your account information.

Google Account Integration

In addition to creating an account directly with us, you can sign up and log in using your Google account. This integration leverages Google's secure authentication infrastructure, ensuring a seamless and secure login experience for our users.


Oltre Financial has an uptime of 99.9% or higher.

Network and Application Security

At Oltre Financial, we prioritize the security of our network and applications to safeguard your data. We have implemented various measures to ensure the confidentiality, integrity, and availability of your information.

Data Hosting and Storage

Oltre Financial's services and data are securely hosted within Amazon Web Services (AWS) facilities located in the USA. AWS provides robust infrastructure and advanced security controls to protect our systems and your data.


All data transmitted to and from Oltre Financial is encrypted during transit using 256-bit RSA encryption. Our API and application endpoints exclusively adhere to the TLS 1.3 protocol, and they have received an "A" rating on Qualys SSL Labs' tests, ensuring the highest level of encryption strength.

Failover and Disaster Recovery (DR)

Oltre Financial's infrastructure and data are distributed across two AWS availability zones, designed with built-in failover and disaster recovery capabilities. This architecture ensures that even in the event of a localized failure, our systems remain operational, and your data remains accessible.

Backups and Monitoring

We employ Amazon RDS's daily backup solution for databases that contain customer data. This practice guarantees that your information is regularly backed up to prevent data loss. Additionally, we have robust monitoring mechanisms in place, including AWS CloudWatch, to promptly detect and respond to any potential security incidents.

Permissions and Authentication

Oltre Financial prioritizes strong access controls and authentication mechanisms. Our website is served 100% over HTTPS to ensure secure communication. Access to customer data is strictly limited to authorized employees who require it for their job responsibilities. We adhere to a zero-trust corporate network model and enforce two-factor authentication (2FA) and strong password policies on platforms such as GitHub, Google, AWS, and Oltre Financial's own services to fortify access to cloud resources.

Incident Response

Oltre Financial maintains a comprehensive security event protocol that includes escalation procedures, rapid mitigation measures, and post-incident evaluations. Our dedicated team is well-prepared to handle any security events that may arise. We prioritize the continual education of all employees regarding our security policies and best practices.

Additional Security Features

Beyond the security measures described above, Oltre Financial has implemented the following security features to ensure the protection of your data.


To maintain the confidentiality of sensitive information, all Oltre Financial employment contracts include a confidentiality agreement. This agreement is signed and returned by employees before they start their employment, emphasizing the importance of data protection.


We prioritize the ongoing education and awareness of our employees regarding security practices. All Oltre Financial employees undergo annual Security and Awareness training, ensuring they are well-informed about potential risks and equipped to make secure decisions.


Oltre Financial has developed a comprehensive set of security policies that cover a wide range of topics. These policies are regularly updated to align with evolving security best practices. They are shared with all employees, ensuring a common understanding of our security expectations and guidelines. By monitoring OWASP’s recommendations and implementing robust security measures, we strive to provide you with a secure browsing experience and safeguard your sensitive information.

PCI Obligations

As a payment processing platform, Oltre Financial partners with Stripe to administer all credit card payments. Stripe is a trusted and secure payment gateway that maintains a robust security setup and PCI compliance. For more details about their security measures, you can visit Stripe's security page.