We DO NOT store logins for your financial institutions, so as to avoid becoming a target for potential hackers. Instead, we securely connect to your financial institutions using a third-party tool called Plaid. Plaid is a widely trusted tool used by many financial services companies like Betterment and Robinhood. Plaid is regulated, audited, and vetted several times a year by accredited institutions, and by the banks themselves. We've entrusted them with handling the connection to your bank on our behalf, and we simply have a data subscription to your transaction histories and account balances. They exceed the general practice policies the financial industry has put in place, like PCI Compliance and SOC2.
Once we get your transaction and balance data, we encrypt it at rest when stored on our servers. If anyone managed to break into our servers, they wouldn’t actually be able to read your data. Said another way, if a hacker got their hands on your data, it would read more like the Matrix than anything legible or compromising.
Lastly, should you ever choose to delete your Zeta account, after we’re done crying a little inside, we take your data and completely and irreversibly remove that info from our database. You can request this through your profile and we’ll double-check that this is really, really what you want, before taking the nuclear approach.
Zeta’s infrastructure is built on Heroku, which leverages Amazon Web Services (AWS) technology. Why should you care? Because this is the same tech trusted by many institutions including the CIA. Amazon and Heroku both have rather intense security protocols, which you can read all about here and here.
Because finances are a personal thing, our team does not access or interact with your personally identifiable financial data as part of our regular operations. While our team is able to see the institution and types of accounts you might have, we don’t see any balances or transactions. We’ve implemented multiple systems to ensure that our team doesn’t go looking up your finances for kicks. However, we do analyze anonymous, aggregated data for internal business purposes or to surface insights through our benchmarking tool.
There are two situations where your data *may* be accessed:
1. You explicitly give us access to look at your data. This might be because you’re signing up for our recommendations or asking us to help you problem-solve through your account. In this instance, all user data is access-controlled and documented to make sure we are only seeing what you want us to see.
2. Only one engineer on our team has access to our production database where your information is stored. They’ve signed an extra-strict data access standard and will be immediately dismissed should they violate our data access policy in any way.
Lastly, we’re incredibly thoughtful about access protocols for you and your invited partner. We start by helping you choose a strong, secure password. Once defined, your password is encrypted so that even if someone were to steal all of our users’ passwords, they wouldn’t be able to read them. If you love Zeta enough to invite your partner, we follow a two-step authentication process with them before exposing what you’ve chosen to share with them. Why? Because we’re anal people who want to be really, really sure.