Security
Safely Manage Your Finances Online
To ensure a secure and hassle-free online experience while managing your money, we follow industry-standard encryption techniques and best practices.
- We comply with modern banking regulations like Open Banking and PSD2, which give you complete transparency and control over how and what data we can access.
- We can only access your financial data, but can NOT update it. This means we can't move your money in, out, or between any accounts, even if we wanted to. It's just not possible!
- Your login information is not stored by us, but instead stored by our highly reputed sync providers: Yodlee and SaltEdge. These are market leaders in the financial technology industry, with vast experience connecting to financial institutions. Most likely, your bank's own online banking website is powered by one of them; that's how competent they are. Learn more.
- Any information you upload or share with our server is encrypted during transmission to prevent a third party from eavesdropping.
- We use industry-leading security firms like Verisign, McAfee and Symantec to conduct rigorous daily security scans, comprising dynamic port scanning, port-level network services vulnerability testing, and web application vulnerability testing.
- We do not require you to share any personally identifiable information. You can manually import bank statements, if you don't wish to share your banking credentials.
FAQs
Why do I need to enter my online banking username and password?
Your online banking username and password are needed to automatically sync your accounts with your bank.
Unlike other hi-tech industries, the banking sector is a laggard and does not allow more secure ways of integration. So until banks get their act together, this is the only way for software like Buxfer to get your data from your bank on your behalf.
Note that you can still use Buxfer without syncing your accounts. If you are wary of sharing your username/password, then you can still use Buxfer effectively by manually uploading bank statements.
Learn more about uploading transactions.
Are my online banking username and password safe with you?
The bank's login information you share is not stored in our database, but is instead stored by our sync providers: Yodlee and SaltEdge. Once sent to the provider, we no longer have any access to your login information.
All our sync providers have decades of experience handling sensitive customer information. They even power payments and online banking interfaces for many banks.
Is it secure to sync with my bank?
It is extremely secure (and convenient) to sync with your bank.
The bank's login information you share is not stored in our database, but is instead stored by our sync providers: Yodlee and SaltEdge. Once sent to the provider, we no longer have any access to your login information.
All our sync providers have decades of experience handling sensitive customer information. They even power payments and online banking interfaces for many banks.
How can I learn more about Yodlee and their security practices?
Yodlee is a market leader in the financial technology industry, with vast experience connecting to financial institutions. Through deep software and business integrations, Yodlee provides reliable and high-quality aggregation of data from over 10,000 financial institutions all across the world. Yodlee adheres to leading financial industry practices for security, privacy, risk, and compliance management.
Yodlee banking platform disposes and tokenizes all credentials that are entered through the backend in a federally supervised method. As an FFIEC supervised Technology Service Provider, Yodlee follows the security and risk management standards required to engage with consumers and their financial data. Yodlee is supervised and examined by the OCC and all major banking regulators, and has undergone nearly 200 audits by financial institutions over a recent 24 month period. Yodlee is committed to its security infrastructure in the industry. Yodlee has been a leading provider of cloud-based financial technology services to global financial institutions and innovators for almost two decades. Yodlee's risk programs meet not only their expectations, but are also some of the most stringent security, privacy and compliance standards in the world.
How can I learn more about SaltEdge and their security practices?
Salt Edge is a leading global financial provider that adheres to the highest international standards of privacy and security. The company is ISO/IEC 27001:2013 certified, as well as PCI DSS compliant. Salt Edge performs regular internal and external vulnerability assessments, security audits and penetration tests, executed by certified security service providers.
Salt Edge uses multiple encryption layers as well as tokenization technology to protect the most valuable data in our possession. The entire communication is done via TLS encrypted channels. The credentials are encrypted at least twice and they can be accessed only with one-time tokens. That means that if there is a breach in transmission, or if the public-facing Salt Edge API Gateway servers are compromised, the attackers will not be able to read the credentials.
Do you store any private information in the transactions I upload?
For OFX/QFX files, we store the following fields:
- TRNTYPE - transaction type
- DTPOSTED - date on which transaction was posted
- DTUSER - date on which transaction was initiated
- TRNAMT - amount of the transaction
- NAME - description
- MEMO - additional description
- CURDEF - currency
For QIF files, we store the following fields:
- D - date on which transaction was posted
- T - transaction amount
- N - check number
- P - description
- M - memo (additional description)
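The QIF field list above amounts to an allowlist applied at import time. The following sketch is an added example, not Buxfer's code: it keeps only the five listed QIF codes and reports which other codes were discarded. The function name, output key names and sample statement are assumptions constructed for illustration.

```python
# Added example: data minimization for an uploaded QIF statement.
# Only the field codes listed on the page (D, T, N, P, M) are retained.
STORED_QIF_FIELDS = {
    "D": "date_posted",
    "T": "amount",
    "N": "check_number",
    "P": "description",
    "M": "memo",
}

def minimize_qif(text):
    """Return (records, dropped_codes) for a QIF document.

    Each record is a dict holding only allowlisted fields; every other
    field code (address, category, cleared status, ...) is discarded
    and its code is recorded in dropped_codes for auditing.
    """
    records, dropped, current = [], set(), {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):   # blank line or !Type: header
            continue
        if line == "^":                        # end-of-record marker
            if current:
                records.append(current)
            current = {}
            continue
        code, value = line[0], line[1:].strip()
        name = STORED_QIF_FIELDS.get(code)
        if name is None:
            dropped.add(code)                  # not on the allowlist
        elif name not in current:              # first occurrence wins
            current[name] = value
    if current:                                # file lacked a final "^"
        records.append(current)
    return records, dropped

# Constructed sample statement; A (address), L (category) and
# C (cleared status) are real QIF codes outside the stored set.
SAMPLE_QIF = """!Type:Bank
D03/14/2024
T-42.50
N1001
PCity Utilities
MMarch bill
A12 Example Street
LUtilities
CX
^
D03/15/2024
T1200.00
PPayroll
^
"""
```

Note that the description and memo fields are free text, so anything a bank writes into them survives this filter.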