Maxyfi Security Commitment

Transparency in data processing compliance for secure debt management solutions.

Organizational Security

Information Security Program

We've established an Information Security Program that's effectively communicated across our entire company. Our Information Security Program adheres to the guidelines outlined in the SOC 2 Framework, a reputable information security audit process

Third-Party Penetration Testing

We conduct an external third-party penetration test on an annual basis to guarantee the integrity of our service's security stance.

Roles and Responsibilities

Our Information Security Program clearly outlines and documents roles and responsibilities concerning the safeguarding of customer data. Our team members are mandated to review and acknowledge all security policies.

Security Awareness Training

Our team members are obligated to undergo employee security awareness training that encompasses best practices in the industry and information security subjects, including but not limited to phishing and password management


All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.

Background Checks

Using a third party background check companies, we perform a thorough background checks on all new team members in accordance with local laws

Cloud Security

Cloud Infrastructure Security

We host all our services on Amazon Web Services (AWS), a provider known for its strong security program and numerous certifications. For further details on our provider's security procedures, please visit AWS Security.

Security of Data Hosting

Our data is exclusively hosted on databases provided by Amazon Web Services (AWS), and these databases are situated within the United States. For additional details, please refer to the vendor-specific documentation linked above.

Data Encryption at Rest

All of our databases are safeguarded with encryption while they're at rest.

Data Encryption in Transit

Our applications exclusively utilize TLS/SSL for encrypting data during transmission.

Vulnerability Assessment

We conduct regular vulnerability assessments and continuously oversee potential threats.

Logging and Surveillance

We actively oversee and maintain logs for a variety of cloud services.

Continuity Planning and Disaster Recovery

We rely on the backup services provided by our data hosting partner to minimize the risk of data loss in the event of hardware failures. We employ monitoring services to promptly alert our team to any issues affecting users.

Response to Incidents

We've established a protocol for addressing security incidents, which encompasses escalation procedures, swift mitigation, and effective communication.

Access Security

Permissions and User Verification

Access to our cloud infrastructure and other critical tools is restricted to authorized employees with a demonstrated need for such access based on their roles.

Security Features

Where available, we employ Single Sign-on (SSO), 2-factor authentication (2FA), and stringent password policies to fortify the security of access to cloud services.

Principle of Least Privilege

We adhere to the least privilege principle concerning identity and access management.

Regular Access Audits

We conduct access audits of team members with access to sensitive systems on a quarterly basis.

Password Criteria

All team members are obligated to meet specific minimum password criteria and complexity standards for access.

Password Management Tools

Each company-issued laptop incorporates a password management tool for team members to effectively manage passwords and uphold password complexity.