Security and Privacy
Your data security and privacy are our top priority
Our "Privacy-first" philosophy
We have a privacy-first philosophy at FinWise. We consider the data we collect and use about you in order to provide our service to be your own, so we never sell or share your data with any third parties whatsoever. We encourage you to read more about this in detail in our Privacy Policy.
Securely connecting your accounts
We securely connect to banks and financial institutions through trusted service providers, namely Plaid and Yodlee, who are regularly audited and vetted by security experts from around the world. These service providers are also trusted and used by prominent financial institutions including Stripe, Venmo, Robinhood and many others.
When using Plaid or Yodlee to connect your bank accounts to FinWise, your login details are never seen or stored by FinWise. When you attempt to connect an account, FinWise presents you with a secure popup from either Plaid or Yodlee, and your login details are securely sent directly to Plaid or Yodlee. No other service provider or system gets access to your login details. This can be verified by inspecting the source code of our dashboard (Right-click view source & inspect) and also by looking at the network requests in your browser's developer tools.
What's more, a growing number of banks are starting to provide a more secure login process called OAuth, which lets you connect your bank accounts to FinWise without ever having to enter your login details into Plaid or Yodlee. This is something we are very happy about and are actively encouraging banks and financial institutions to adopt.
To learn more about the security and privacy of Plaid and Yodlee, you can read their privacy and security pages here:
How we keep your data safe and secure
We implement strict security measures and processes in order to keep your data safe and secure on FinWise. We adhere to industry best practices and use the same level of security and privacy measures as banks do to ensure that all your data is safe and secure.
Some of the things we do to keep your data safe and secure include:
- Strong data encryption for data both in-transit and at rest in our database.
- We use secure and trusted hosting providers for our infrastructure (Heroku/AWS).
- All service providers are secured with strong passwords and multi-factor authentication.
- Core infrastructure and service providers are secured with IP-whitelisting, VPNs and network firewalling.
- Core infrastructure and service providers have strict access control methods in place, with audit trails and access logs.
- We have high code test coverage with automated testing, and all authentication & authorization code is thoroughly and redundantly tested with unit, integration and end-to-end tests, as well as with multiple redundant sanity checks built into the code.
- We have automated vulnerability scanning and monitoring to ensure the security of our infrastructure, services and code.
Our commitment to your privacy and security
We are committed to your data privacy and security. Here is how:
FinWise has been built to be fully ISO, SOC2 and GDPR compliant, based on the experience of our engineering team, who have worked with many large international financial institutions over many years. As soon as we complete our audits, the audits and reports will be made available to the public on our website.
In addition to this, we want to make FinWise completely open source over time once we reach a critical mass of users and the risk of someone copying our code and out-competing us is sufficiently low. All our code and history will be available to be reviewed and scrutinized by the public.
Got a question? Get in touch, we're always happy to help and answer any questions you might have.