Security

At MoneySwell, security is one of our top priorities, and we take it extremely seriously. Here are some ways we keep you and your data secure.

Access

Nobody at MoneySwell will access your data during the normal course of day-to-day operations. If you are having a problem with your account, we will only access your data under two conditions: a) it is necessary to solve your problem, and b) you give us written permission to do so.

Your MoneySwell account password is one-way salted and hashed using multiple iterations of a key derivation function for passwords. Even if somebody got access to your encrypted password, they would not be able to guess it without many years’ worth of attempts. We prevent brute-force password attacks, and only allow you to use strong passwords using a password strength library built by Dropbox.

Infrastructure

Our entire application infrastructure is built using the technology of Amazon Web Services (AWS). If you so desire, you can read more about Amazon’s physical data center access controls.

Account Sync

For syncing your account details with your financial institution(s), we use a well-known third party provider called Plaid. There are more than 4,000 financial apps and services that are powered by Plaid. One of the benefits of using a service like Plaid is that MoneySwell never has access to your bank account login details. You enter them in a form provided by Plaid, who in turn returns to us an account-specific access token, which is what we store to get updates to your account details.

Encryption

The access token we receive from Plaid, as well as all other sensitive financial account details, are encrypted at rest on our servers. This means that even if some malicious third-party was somehow able to bypass Amazon’s stringent physical security requirements, they would not be able to read your financial data.

Secure Communication

All data transferred between your browser and our systems is encrypted using the most up-to-date, secure transfer protocols. There is no way to use the MoneySwell application without using this secure connection. The details of our security certificate can be viewed by clicking on the lock symbol on the browser bar.

Additionally, we leverage a newer web browser security feature called Content Security Policy to prevent several common types of attacks.

We understand that security is of utmost importance for online applications these days, especially when dealing with financial data. We take our responsibility to keep you and your data safe extremely seriously, and value your trust in us and our comprehensive security measures.