Molty by Finna

Security

Enterprise-grade security built into every layer.

Architecture

Molty by Finna uses Firecracker microVMs - the same technology AWS uses for Lambda. Each customer gets an isolated VM with dedicated compute, memory, and storage. There is no shared runtime between tenants.

Encryption

  • Data at rest: AES-256-GCM
  • Data in transit: TLS 1.3
  • Per-tenant key derivation via HKDF
  • Unique IV per encrypted secret
  • Master key stored in HSM-backed Doppler

Network Security

  • Cloudflare Tunnel for all ingress
  • Gateways bind to localhost only
  • No exposed ports on customer VMs
  • DDoS protection via Cloudflare

Compliance

  • SOC 2 Type II compliant
  • ISO 27001 certified
  • GDPR compliant data handling
  • 7-year audit log retention
  • Data residency options (contact us)

Trust Center

Review our security posture, compliance documentation, and policies on our Vanta Trust Center.

Bug Bounty

We operate a responsible disclosure program. If you discover a security vulnerability, please report it to [email protected]. We respond to all reports within 24 hours.

Status

Monitor real-time system status, uptime, and incident history on our status page.

Contact

For security questions or to report an issue, contact us at [email protected]