For compliance & supervisory teams

Built for advisor and compliance peace of mind.

Advisors trust FINNY to bring next-gen growth into their daily workflows — and rely on us to fit cleanly inside the regulatory framework their firms operate under. Our platform and product are designed for the rigorous standards of the financial-advisory industry.

Request compliance packet Talk to our team

Platform security

Engineered for security. Audited for trust.

FINNY's platform is independently audited, encrypted in transit and at rest, and operated from the United States. The detailed reports — SOC 2 Type II, data handling overview, subprocessor list — are in the compliance packet.

SOC 2 Type II

Independently audited security controls. Audit period August–October 2025.

Defense in depth

Encryption at rest and in transit, role-based access controls, and OAuth-scoped email integration. FINNY never stores user credentials.

US data residency

FINNY runs securely on AWS — all data is stored and processed in the United States.

Pen tested annually

Independent third-party penetration testing of FINNY's platform and infrastructure, with documented remediation tracking.

Independently audited

SOC 2 Type II audit completed for security, covering August–October 2025. Platform and infrastructure are also penetration tested by independent third parties.

Engineered for security

Data encrypted in transit and at rest. Role-based access controls across the application and infrastructure. Zero-trust architecture with strict identity verification.

Continuously monitored

Continuous security monitoring through Datadog SIEM. Automated alerting on suspicious activity, with documented incident response procedures.

US-based operations

FINNY's production infrastructure runs on AWS. All data is stored and processed in the United States.

Growth compliance

Designed to fit the regulatory frameworks that govern advisor outreach.

Advisors are subject to FINRA Rule 2210, the SEC Marketing Rule, CAN-SPAM, TCPA, and Reg S-P / GLBA depending on their firm structure. FINNY's drafting-and-approval workflow, delivery through the advisor's own email, and growth-only data model are designed to fit cleanly inside each of these frameworks. FINNY does not provide legal or compliance advice; each firm sets its own supervisory procedures.

FINRA Rule 2210

Communication with the public

For advisors affiliated with a broker-dealer. FINNY supports the substance of compliant outreach.

Pre-use review and advisor approval on every message
Fair-and-balanced content; FINNY's drafting avoids performance predictions
Timestamped activity logs for supervisory review
Advisors can include required disclosures, BrokerCheck references, and firm attribution

SEC Marketing Rule (206(4)-1)

Advertisements by RIAs

FINNY drafts only suggestions; the advisor controls all content before sending.

Full advisor edit and approval before sending
FINNY's drafting avoids testimonials, performance projections, and unverified claims
Advisors can include required disclosures in every message before sending
Records that support Rule 204-2 books-and-records

CAN-SPAM

Commercial email

FINNY does not provide bulk-email or blast campaigns. Every message is sent 1:1.

Sent from the advisor's own email — accurate sender information
Personalized 1:1 outreach — each message tailored to its individual recipient
Opt-out tracking and suppression management
Timestamped recordkeeping for review

TCPA

Voicemail & phone outreach

FINNY does not auto-dial. Voicemail drops are advisor-initiated and tracked.

Phone numbers on the federal DNC list are flagged via licensed data
Prospect location and timezone visible to support calling-window decisions
Notes field available to capture consent basis or call rationale
Centralized records for supervisory review

Reg S-P & GLBA

Customer data privacy

FINNY is a growth-only platform. Customer non-public information is not required by the platform.

No customer NPI ingested by default
Prospect data from public and licensed providers
No data resale, rental, or sharing with third parties for marketing or advertising
DPA available on request to reflect specific firm requirements

Books & Records

Recordkeeping & archiving

FINNY logs activity for supervisory review. Because email is delivered through the advisor's mailbox, messages are captured by the firm's existing email archiving.

Timestamped activity logs for all outreach
Email delivered through the advisor's connected email account
Messages flow into the firm's existing email archiving by default
Outreach records exportable for supervisory and compliance review

FAQ

Common compliance questions.

Pulled from actual conversations with the supervisory and CCO teams we work with.

Our firm is subject to FINRA rules. Does Rule 2210 apply to outreach through FINNY?

If your firm is a FINRA-member broker-dealer, then yes — Rule 2210 applies to advisor outreach sent through FINNY. The rule is triggered by the content of the message, not by FINNY itself. FINNY is designed to support fair and balanced communications, but firms should set their own review and approval procedures.

Is FINNY considered “cold outreach”?

FINNY facilitates personalized, research-based outreach to prospects who fit an advisor's target profile. Whether a message qualifies as “cold outreach” depends on prior relationships, consent, and on each firm's policy. Advisors should confirm with their compliance teams how FINNY may be used under their specific regulatory framework.

Who owns the communications records generated through FINNY?

Advisors own their communication records and the data they input into the platform. FINNY logs activity for supervisory review, and email is delivered through the advisor's connected email account, where it is captured by the firm's existing email archiving.

How does FINNY comply with Regulation S-P and GLBA?

FINNY is designed for growth and works with publicly available information and data from licensed providers. Customer non-public information is not required by the platform. Firms should still ensure that any integration of FINNY with their own systems complies with their information security policies.

What happens if a prospect complains about being contacted?

Advisors are responsible for responding to prospect complaints in accordance with their firm policies. FINNY can provide records of communication activity to support the advisor's response, and includes tools to flag prospects for no further contact.

How do we get the SOC 2 report and other compliance documents?

Request the compliance packet from this page — share your name, firm, and email and our team will send it over. It includes the SOC 2 Type II report, the due diligence questionnaire, the data handling overview, regulatory framework alignment, and insurance detail. If your firm has additional requirements — a Data Processing Addendum, vendor security questionnaire, or anything else — let us know in the same request and we'll get back to you directly.

Is FINNY itself a registered investment adviser?

FINNY is not a registered investment adviser. We do not provide investment advice or manage client assets — FINNY is software that supports advisor-led growth and outreach.

Have a question your CCO needs answered?

We work directly with compliance teams during onboarding. If something isn't covered in the packet, send it our way.

Email compliance team Book a working session

Important disclaimer

FINNY is a technology platform designed to support advisor growth and communication workflows. FINNY does not provide legal or compliance advice. Advisors and their supervising firms remain responsible for ensuring that their use of FINNY complies with all applicable laws, regulations, and firm policies.

This page is for informational purposes only and is not intended as legal or compliance guidance. Regulatory requirements may vary across firms and may change over time. FINNY's features and capabilities are continually evolving. For the most current information, please contact the FINNY team.