We take security and your privacy very seriously. That’s why we’ve partnered with financial data aggregators Finicity (a Mastercard company) and Plaid to provide access to your accounts. As leaders in the aggregation space, they specialize in retrieving and handling sensitive financial information on behalf of many financial institutions and fintechs.
When you connect an account to AssetClass, you’re allowing Finicity and Plaid access to your accounts on our behalf. AssetClass never sees your usernames or passwords. After you connect an account, AssetClass gets read-only access to your financial data, including holdings, balances, and transactions.
Some institutions allow us access to your account through a technology called OAuth. So when you, for example, connect Coinbase on AssetClass, you’ll log in on their website with your username and password. AssetClass never sees your credentials. You’ll get to approve the connection and the level of access we get. We then get read-only access to your accounts in the same way we would through Finicity and Plaid. You can revoke our access at any time through the institution.
All of our systems, along with those of both Finicity and Plaid employ industry-standard encryption technology – the same used by financial institutions.
Whenever data is transmitted, SSL encryption is required. Wherever we store user data, it is encrypted at rest. Additionally, especially sensitive user information, like emails and names, are encrypted again at the application level using AES 256 with a separate encryption key. Finally, your AssetClass password (again, we never have access to your bank credentials) is securely hashed using bcrypt with a cost factor of 12.
We are committed to your right to privacy and protecting your personal information. We don’t sell or share your data with any 3rd party. We don’t use your data for any other purpose other than allowing you to view it within the AssetClass platform. We don’t use your data to upsell you on any unwanted services.
Your personal data in AssetClass is encrypted at rest using the same industry-standard technology used by our data providers. We obfuscate personally-identifiable data such as email and names to protect your privacy from our internal team.