Security and Compliance

Fluid's approach to security is designed to protect both you, your affiliates, and your customers. We monitor usage, we continuously innovate in preventing malicious users, and we protect your data like our business depends on it—because it does. We adhere to industry-leading standards to manage our network, secure our web and client applications, and set policies across our organization.

Encryption and Monitoring

Every interaction with Fluid is completed over a secure connection. We monitor interactions daily to make sure only permitted users are accessing your information.

Fluid uses our algoritms to spot and freeze malicious or suspicious activity.

PCI Compliant

Card-processing systems adhere to the PCI Data Security Standard (PCI-DSS).

Getting stronger as we grow

We’ve designed Fluid to grow stronger the more people interact. The better data set we have to analyze, the smarter our anti-fraud algorithms become. Think of it this way: if cars on a highway drove by only occasionally, it’d be tough to distinguish the ones speeding from the ones travelling within the limit. But on a crowded highway, it’s easy to spot the reckless driver weaving in and out of traffic. Likewise, more Fluid customers allow our proprietary systems to spot the bad guys easily.

Secure network, servers, and data

Fluid's servers are housed in a secure facility monitored around the clock.

A few other items on our checklist
  • Card processing adheres to PCI Data Security Standards
  • Data is encrypted at rest
  • Security settings of applications and devices are tuned to ensure appropriate levels of protection
  • We run on AWS and Heroku
  • Data is backed up regularly
  • Secure organization from top to bottom

Fluid mandates that employees act in accordance with security policies designed to keep applications safe.

  • Fluid requires sensitve data to be encrypted
  • Fluid limits access to application code to internal employees.
  • Two-factor authentication and strong password controls are required for administrative access to systems.
  • Security systems and processes are tested on an ongoing basis by qualified external teams.
  • Security policies and procedures are carefully documented and reviewed on a regular basis.
  • Detailed incident report plans have been prepared to ensure proper protection of data in an emergency.

If you believe you have discovered a vulnerability or you have any security issues with your account, please report it to