Security FAQ

We take security seriously at Cuspy - we're ISO27001:2022 and ISO9001 compliant & certified.

What is Cuspy?

Cuspy is an Australian tech startup specialising in asset and investor management solutions for organisations.

Do you have your trust center?

Yes. Visit https://trust.cuspy.app to explore our certifications, policies, and guidelines.

Does Cuspy support MFA?

Yes, we support MFA through both authenticator apps and SMS. Please see our Multi-Factor Authentication Configuration

πŸ”° Cuspy recommends using an authenticator app instead of SMS for better security and protection against hacks.

What are Cuspy's password requirements?

For Cuspy, your password must:

  • Be at least 8 characters long

  • Include at least 1 number

  • Include at least 1 special character

  • Include at least 1 uppercase letter

  • Include at least 1 lowercase letter

πŸ”° We highly recommend using a robust, randomly generated password from a trusted password management application that securely protects and stores your own credentials.

Does Cuspy store and disclose my credentials?

No, Cuspy does not store your credentials. Instead, your credentials are hashed as per industry best practices and stored with our trusted Identity Provider.

Does Cuspy offer an automatic session timeout feature for periods of inactivity?

Yes, as part of our Information Security Management System (ISMS) policy, user data is secured and becomes inaccessible after a period of inactivity.
​
The inactivity timeout for Cuspy is set to 15 minutes. However, users will be notified before the session expires, giving them the option to extend their session or sign out.

Do you perform penetration testing on your systems?

Yes, we conduct annual penetration testing through reputable external third parties. Our infrastructure, coding practices, and DevOps processes are also regularly reviewed by independent third-party assessors.

How can I verify that a communication or website I receive is genuinely from Cuspy?

Please checkout Offical Communication Channel

How can I access your security reports?

You can reach us at security@cuspy.app, and we will verify the purpose of these reports upon user request.

How do I report security vulnerability and suspicious messages?

Report suspicious emails or texts to security@cuspy.app and then delete the email or text straight after. Do not reply or engage with the sender.

Learn how to protect your email and accounts by visiting the following resources:

  1. Spotting Scams

  2. Recognise and Report Scams

How do I report a bug?

If you wish to report a product bug, please get in touch with our support team on help@cuspy.app