Vendor Database Access Controls During Support & Development

This article clarifies whether Finverity or support team can access customer data stored within a cloud-hosted environment during the course of support or development activities.

Access

Finverity does not have access to the database under any circumstances. This applies equally during development work and support activities. The following controls are in place:

All customer data is encrypted both in transit and at rest.

• There is no direct database access granted, regardless of the purpose or context of the engagement.

• Development and testing activities are conducted without access to production data or live database environments.

Authentication & Access Controls

Access to the hosted environment is protected by the following mandatory controls:

• Strict user access control policies are enforced across all accounts.

• Multi-Factor Authentication (MFA) can be enabled as mandatory for all users with access to the platform.

• Access privileges are assigned on a least-privilege basis and reviewed regularly.

No third-party vendor has the ability to access, query, or export data from the database — directly or indirectly — during any phase of support or development engagement.

Support

When providing remote support, Finverity support staff may be granted limited view-only access to the application. This may occur through:

• Screen sharing initiated by an authorised internal user.

• Remote login with explicit view-only permissions to diagnose and troubleshoot issues.

This access is subject to the following restrictions:

• No access is provided to the underlying database, file system, or backend systems.

• Sessions can be conducted under the supervision of an authorised internal user where possible.

• Customer has full control over the Roles and Permissions of the Finverity support accounts.