1 · Encryption

All traffic is served over TLS 1.2 or higher. Data at rest is encrypted with AES-256 on managed cloud storage in Switzerland and the European Union.

2 · Authentication

Passwords are stored salted and hashed with a modern algorithm. Two-factor authentication (TOTP) is available on every account and required for accounts that handle other people's money.

3 · Maker-checker and audit trail

Every change to a record is captured as an immutable change event with timestamp, author, and previous value. Sensitive changes can be configured to require a second approver before they apply.

4 · Backups and recovery

Encrypted backups are taken daily and retained for 30 days, with weekly snapshots retained for one year. Recovery is tested quarterly.

5 · Access control

Production access is limited to a small on-call team, gated by hardware-key two-factor authentication, and logged. We grant the minimum access required and review it quarterly.

6 · Reporting a vulnerability

If you find a security issue, please email support@fee.cm with the details. We acknowledge within two business days, fix in a reasonable timeframe based on severity, and credit you publicly if you would like.

7 · No warranty of perfection

No system is unbreakable. We work hard to make ours as resilient as we can and are transparent when something goes wrong — see the status page or your in-app banner.