How is my data protected at FinLocker?

All personal identifiable information is encrypted over the internet and in the locker. We use TLS (Transport Layer Security) and AES (Advanced Encryption Standards) encryption which is one of the highest strength encryption technologies available. FinLocker uses the strongest version of AES known as AES-256.   


What about where the data is stored, how is that protected?

All data is processed and stored in Microsoft Azure U.S. data centers (the cloud).   Microsoft takes a layered approach to physical security, to reduce the risk of unauthorized users gaining physical access to data and the datacenter resources. 

How do you check to see if the latest security practices are being followed or how good yours is?

FinLocker is subject to third party audits such as the SOC 2 Type 2 audit which tests the effectiveness of a service providers controls.   The American Institute of Certified Public Accountants (AICPA) has developed the Service Organization Controls (SOC) framework, a framework for controls that safeguard the confidentiality and privacy of information stored and processed by a service provider.  

FinLocker also uses third parties to conduct vulnerability assessments. 

Are my account credentials (user id and password) stored with FinLocker?  

No. Consumer financial account credentials are not stored inside of FinLocker.

Can others see my personal data?  

No personal identifiable data is shared without your consent.