Security

MoneyBook takes the security of your data seriously. This page summarizes our security practices. It is intended for transparency and for partners (including financial institutions and providers like Plaid) who require a clear description of how we protect user data.

1. Encryption

  • Data in transit: All data transmitted between your device and our servers is encrypted using industry-standard TLS (Transport Layer Security). This protects your credentials, account data, and transaction information from interception.
  • Data at rest: Where applicable, we use encryption at rest for sensitive data stored in our systems (e.g., databases and backups) to protect against unauthorized access.

2. Access controls

  • Authentication: Access to the Service requires secure sign-in. We support secure authentication methods and encourage strong, unique passwords. Where we integrate with identity providers, we rely on their security standards.
  • Authorization: Access to data is restricted on a need-to-know basis. Users can access only their own data; we use application- and database-level controls to enforce this.
  • Credentials and tokens: Sensitive tokens (e.g., for connected financial accounts) are stored securely and are not exposed to the client. We follow provider-recommended practices for token handling.

3. Infrastructure and operations

  • Hosting: We use reputable, security-conscious infrastructure providers that maintain physical and network security, monitoring, and compliance programs.
  • Updates and hardening: We apply security updates and follow secure configuration practices for our systems and dependencies.
  • Development: We follow secure development practices and aim to reduce risk from common vulnerabilities (e.g., injection, broken authentication).

4. Monitoring and incident response

  • Monitoring: We monitor our systems for suspicious activity, errors, and anomalies to help detect and respond to security events.
  • Incident response: In the event of a security incident that affects your data, we will assess impact and, where required by law or appropriate, notify affected users and regulators.

5. Third-party integrations

When you connect financial accounts through the Service, we use third-party providers (e.g., Plaid) that are subject to their own security and compliance requirements. We select providers that meet industry standards for handling financial data. Data shared with them is governed by our Privacy Policy and our Plaid disclosure.

6. Your role

You can help keep your account secure by: (1) using a strong, unique password and keeping it confidential; (2) signing out when using shared devices; (3) not sharing your login credentials; and (4) notifying us promptly if you suspect unauthorized access. Contact us via Support to report security concerns.

7. Compliance and audits

We aim to align our practices with commonly accepted security and privacy standards. We do not sell your personal information. For data handling and user rights, see our Privacy Policy and Data deletion page.

This page is for transparency only and does not create a contract. Security practices may be updated over time. For specific questions, contact us via Support.

Last updated: March 24, 2024.