Our highest priority is keeping your financial data safe and away from prying eyes. We use multiple layers of security, in every component of our systems, to keep your account information safe, and your information private.
To report a security vulnerability or issue,
please email our Security Team at firstname.lastname@example.org
We maintain strict internal access controls which ensure no individual at InvestorKeep has access to your bank credentials.
All data is encrypted using RSA with a 2048 bit encryption with salting the most critical customer data.
Encryption used by the InvestorKeep Platform™ is stronger than most major banks or brokerages
InvestorKeep’s authentication and account access controls are stronger than most major financial institutions. Your account will benefit from Two Factor Authentication as a second layer of security beyond your password to access your InvestorKeep account. When you enroll in InvestorKeep, we turn on Two Factor Authentication by default (and always give you the option to disable this extra layer of security at anytime).
InvestorKeep utilizes Yodlee, a financial technology industry leader, to facilitate securely linking your financial accounts to the InvestorKeep Platform. With over a decade of experience securely connecting with financial institutions (i.e. Morgan Stanley, Bank of America, J.P. Morgan Chase Bank, US Bank, etc.) Yodlee provides an added layer of safety between your data and anyone who would want to access your financial account information. Your bank and brokerage credentials are only stored at Yodlee, not with InvestorKeep. Ultimately, your credentials are safer in Yodlee's data center than they are in your browser.
In addition to robust internal security auditing controls, we perform regular third-party security audits to test and verify the integrity of our systems and storage infrastructure.
Cybersecurity isn’t a technology problem— it’s a human one. InvestorKeep is adopting a crowdsourced security strategy as a powerful tool to identify external threats as well as vulnerabilities. Used by leading firms such as Google and Facebook to decrease risk on a global scale, InvestorKeep has adopted this advanced strategy to provide an additional layer of intrusion prevention to meet the threats lurking out in cyberspace.
There is a fundamental imbalance between the creativity and motivations of cyber attackers, and those of enterprise security defenders.
Crowdsourced security eliminates this imbalance by harnessing whitehat security researchers to find and eliminate vulnerabilities.
Highly vetted, trusted security researchers and private programs diffuse concerns of risk associated with crowdsourced security.
Vetted security researchers & programs provide focused results to support rapid risk reduction, threat detection, and mitigations.
Rest assured, when it comes to online security, there's not much we haven't seen. The entire staff at InvestorKeep understands the challenges of cybersecurity as well as the custodial responsibility we have to keep our customers information safe.
In the event that your InvestorKeep account is ever compromised, our platform and application services are designed to ensure that you are still safe. InvestorKeep never sends you credentials to your browser. After linking your accounts, your credentials are stored at Yodlee and are only ever sent directly to your financial institution. We will never contact you and ask for your account credentials (whether to log into your InvestorKeep account or you financial accounts).