Electronically Signed By:
Isa Hasenko
Fintable Fraud Detection & Notification Process Organization: Fintable, Inc. Owner: Security & Compliance Approved By: Isa Hasenko Approval Date: 2025 August 15 Review Cadence: Annual or upon material change 1) Purpose This document outlines Fintable's process for detecting, escalating, and notifying clients of suspected or confirmed fraudulent activity that may affect their account access. While designed to be straightforward for our current small-team operations, it ensures timely responses and transparency in compliance with our Privacy Policy. 2) Scope This process applies to suspicious or unauthorized access to client accounts through Fintable's platform. 3) Detection Suspicious account access is detected through the following methods: Automated alerts for logins from new locations, additional verification for new devices, Sentry.io error monitoring and client reports of suspicious activity. 4) Escalation Upon detecting suspicious account access, a review will be initiated within two (2) business days. If the suspicion is confirmed, the client will be notified via email, with the Chief Security Officer (CSO) also being copied on the correspondence. The notification will include a summary of the suspicious activity, the actions being taken, and recommended client steps. 5) Client Notification Upon notification, the client will be informed about the suspicious activity and the actions being taken to address it. Clients will be notified within two (2) business days after Fintable confirms suspicious activity. The notification will be sent via email and will provide clear instructions for the client to secure their account. 6) Containment & Remediation If unauthorized access is suspected, Fintable may temporarily lock the account or require a password reset. During this process, Fintable will not remove data from Airtable or any connected systems. 7) Review & Improvement This process will be reviewed periodically, at least annually, to identify areas for improvement. As Fintable expands, a more formal incident response plan may replace this document. Note: This process is designed for Fintable’s current small-team operations and will be updated as the company grows. Approved By: Isa Hasenko Chief Executive Officer
Electronically Signed By:
Isa Hasenko