Defend Your Money LLC, Security Policy (last modified 8/29/19)
Security and protection of your data are a top priority for us. We use the highest industry standards and spare no expense in ensuring your data is safe.
Our development team and API service are all based right here in the USA.
All information transferred over the web can be read like a children's book unless we scramble it using encryption. We enforce a strict level of encryption, similar to banks (SSL /TLS1.2), on all requests to our apps as well as all data requested or sent by the apps.
All data stored with us is encrypted using an advanced standard (AES-256) or better. The encryption is done with symmetric keys and we also encrypt the keys and change them regularly.
In addition, we double encrypt extra sensitive data like names and passwords.
Server and Database Access
We limit the number of people who have access to production data and we protect that access using two factor authentication.
Any server on the web can try to connect to any other server on the web. A firewall allows us to prevent connections for all servers except our own. All Defend Your Money servers are protected by separate firewall layers.
The internet and all software on it is undergoing a constant stream of updates. These updates often include bug fixes and security fixes. Keeping up with these changes is something that is built into our process, in fact, every time we deploy code changes, our servers are re-built from scratch to include many of these fixes automatically.
As we add new features or edit existing ones, we're constantly making changes to the code. After these changes are tested, they are also reviewed by senior level developers. Once approved, these changes are never directly transferred from a developer's computer to a live server, but they're submitted to a code repository where they're reviewed again and built from scratch before they're pulled from there to a production environment.
We use Finicity and leading API service in the United States as the bridge between our app and our clients financial institutions. For information on the security practices of Finicity please visit finicity.com/security.