Security

At MoneySwell, security is one of our top priorities, and we take it extremely seriously. Here are some ways we keep you and your data secure.

Access

Nobody at MoneySwell will access your data during the normal course of day-to-day operations. If you are having a problem with your account, we will only access your data under two conditions: a) it is necessary to solve your problem, and b) you give us written permission to do so.

Your MoneySwell account password is salted and one-way hashed using multiple iterations of a key derivation function for passwords. Even if somebody got access to your hashed password, they would not be able to guess it without many years’ worth of attempts. We prevent brute-force password attacks, allow only strong passwords (checked with a password strength library built by Dropbox, known as “zxcvbn”), and require all passwords to be at least eight characters.

Infrastructure

Our entire application infrastructure is built using the technology of Amazon Web Services (AWS). If you so desire, you can read more about Amazon’s physical data center access controls. Additionally, AWS has the following security certifications:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Account Sync

For syncing your account details with your financial institution(s), we use a well-known third-party provider called Plaid. There are more than 4,000 financial apps and services that are powered by Plaid. One of the benefits of using a service like Plaid is that MoneySwell never has access to your bank account login details. You enter them in a form provided by Plaid, which in turn returns to us an account-specific access token. That token is what we store to get updates to your account details.

Payment Details

We don’t store credit card information and use a PCI-compliant processor (Chargebee) and payment gateway (Stripe).

Account Deletion

If you delete your account, your data is completely deleted from our servers (after the 30-day cancellation period).

Secure Communication

All data transferred between your browser and our systems is encrypted using the most up-to-date, secure transfer protocols. There is no way to use the MoneySwell application without using this secure connection. The details of our security certificate can be viewed by clicking on the lock symbol on the browser bar.

Additionally, we leverage a newer web browser security feature called Content Security Policy to prevent several common types of attacks.

We understand that security is of utmost importance for online applications these days, especially when dealing with financial data. We take our responsibility to keep you and your data safe extremely seriously, and value your trust in us and our comprehensive security measures.