FutureFuel.io Security Overview


All data transmitted through our systems is secured with TLS 1.1 or above using elliptic-curve Diffie–Hellman keys. These keys have a unique benefit: they cannot be used to decrypt previously encrypted traffic.


All web servers sit behind an application load balancer and web application firewall. This eliminates all direct connections to our servers from the outside world. Only scanned, verified, safe traffic is allowed through from client connections to our actual servers.


All client data is stored in databases that are encrypted at rest. We use Amazon Key Management Service to manage the encryption keys for this process. We encrypt with AES-256 symmetric-key encryption.

User Financials

All sensitive user financial data, such as bank account numbers, is encrypted a second time so that someone with direct database access cannot read these values. The data is decrypted on the fly and transmitted to the client over an encrypted channel. This means that only the client can view these values under normal site operations.


All user passwords are stored in our database using an irreversible hash function. There is no process by which these passwords can be revealed. Assuming one thousand guesses per second, it would take an average of 870,000 years to correctly guess a user’s password that meets our password requirements. If someone forgets their password, we can’t give it to them; they need to reset it.

Security Testing

We run an automated vulnerability scan to look for exploitable weaknesses in our systems. Each scan uses the latest Common Vulnerabilities and Exposures (CVE) list to test our systems for potential issues. We also contract a third-party company to further test our systems.

Data Centers

FutureFuel.io infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon’s data center operations have been accredited under:

ISO 27001, ISO 27017, ISO 27018
SOC 1/SSAE 16/ISAE 3402, SOC 2, SOC 3
PCI DSS Level 1
FISMA Moderate
Sarbanes-Oxley (SOX)
SEC Rule 17a-4(f)

Certifications and Audits

October 2019 – SOC 2 Type 1 and SOC 2 Type 2
Pending – FISMA and ISO 27001


If you have questions about our security overview, you can email us at security@futurefuel.io.