FundFluent Security and Cookies Policy

We are committed to maintain customer trust.  The purpose of this document is to describe the security program for our Products and Services, the minimum security standards that we maintain in order to protect your data from unauthorised in inadvertent use, access, disclosure, destruction, theft or manipulation.  We continue to update our security program and strategy to help protect your data. We reserve the right to update this Security and Cookie Policy from time to time, and such update will not materially reduce the overall protections set forth in this document.


We take reasonably practicable steps to protect you and your company against unauthorised or inadvertent use, access, disclosure, or destruction, theft, or manipulation by implementing the following:

  • Implementing electronic and internal processes
  • Using cloud platform which supports TLS1.2 with up to 256 bits of encryption to encrypt network traffic transmitted between you and our Products and Services
  • Protecting our system services behind firewalls as appropriate with monitoring
  • Using secure email and communication facility as appropriate to send personal data
  • Taking all practical steps to ensure the personal data will not be kept longer than necessary
  • we comply with laws and regulations in the HK SAR concerning the retention of personal data
  • Keeping your account details secure by NOT sharing with any third party to know your username and password, and we will never verbally ask you for your password

You need to keep your account details and device secure

  • choose a username and password that are not easily identifiable by others
  • not sharing your credentials (including but not limited to username and password) to anyone else
  • Keep your device locked when not in use
  • Only download and/or access to our Products and Services from official app store or official web site
  • Install updated anti-virus and anti-spyware tool on your device

1. Confidentiality

We have controls in place to maintain confidentiality of your data that you make available to our Products and Services in accordance with the Terms of Use and/or other relevant terms and conditions as applicable.

2. Cloud Architecture and Data Segregation

The cloud platform of our Products and Services is hosted by Amazon Web Services (“AWS”). The current location of the AWS data centre used is located in Singapore. For more information about AWS, you may visit AWS’s security webpage https://aws.amazon.com/security/.  In addition, the overview of AWS’s security process is also available at https://aws.amazon.com/whitepapers/overview-of-security-processes/.  All your data is stored in Our production environment within AWS which is a logically isolated Virtual Private Cloud (VPC).


All our network access between production hosts are restricted, using firewalls to control only the authorised access and services to interact in the production environment. Firewalls are in use to manage network segregation between different security zones in the production and our internal environments. Firewall rules are reviewed regularly.  We separate your data by using logical identifiers tagging all communications data with the associated customer ID to clearly identify the relevant ownership.  These controls are in place so that your communications with us cannot be accessed by others.

3. Physical Security

AWS data centres that host our Products and Services are strictly controlled through the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems and other means, with two-factor authentication for authorised staff accessing the data centre. Each data centre has redundant power systems that are available 24 x 7. More details are available at https://aws.amazon.com/whitepapers/overview-of-security-processes/.

4. Security by Design

Our security development lifecycle standard defines the process for the purpose of creating secure Products and Services, that our product team must perform at different stages of development (requirements, design, implementation, and deployment). Our engineers perform numerous security activities for our Products and Services including:

  • Internal security reviews before the launch of our Products and Services;
  • Periodic penetration test performed; and
  • conducting threat models for our Products and Services including documenting any detection of attacks.

5. Use of Cookies

We may record your visit to our Products and Services for the purpose of improving user experience.

What are Cookies?

Cookies are information that stored on your web browser in your device for accessing the Internet that can be retrieved by our Products and Services. We will be able to access such information stored on the cookies and record your general usage of our Products and Services. Cookies allow us to recognise your device and usage patterns of our Products and Services which enables us to tailor the content of our Products and Services to suit your interests and, subject to your consent, provide you with appropriate marketing materials.


Disable Cookies

If you want to disable cookies, you can simply do this through your browser setting. By doing so, you may not be able to enjoy full advantage of our Products and Services. You cannot manage cookies in our mobile app.


Data obtained via Cookies

We, and we may appoint other parties to research certain usage and activities of our Products and Services from time to time. We use the information collected via cookies to find out about the user demographics, behaviours, usage patterns, and to improve the effectiveness of our marketing activities. NO personal information about you is collected nor shared by / with third party as a result of this exercise.