Your personal information is protected between your browser and our servers through Secure Socket Layers provided by Verisign. The same security is also in place from our servers to Yodlee. We use certificates with Extended Validation with a 256-bit minimum encryption, and services that are ISO 27001 accredited. This means that your data has the highest standard of protection at all times.
All of our services are routinely inspected, tested and audited by qualified security and data specialists, and we have partnered with Commissum to act as an independent security auditor for our environment. Commissum conduct web and mobile application security assessments (including penetration testing), audits of infrastructure setup (including server and operating system security processes) and audits of our anonymisation techniques.
Application security assessments are conducted on an regular basis (most recent September 2017).
Our services are reviewed and audited externally on a regular basis and we are authorised and regulated by the Financial Conduct Authority, registration number 800652. For more information on the FCA's provision of Account Information Service Providers (AISPs), see here.