Keeping Your Information Safe & Secure

Our highest priority is keeping your financial data safe and away from prying eyes. We use multiple layers of security, in every component of our systems, to keep your account information safe, and your information private.

To report a security vulnerability or issue,
please email our Security Team at security@investorkeep.com

ALL INFORMATION IS PROTECTED AT REST AND IN TRANSIT

We maintain strict internal access controls which ensure no individual at InvestorKeep has access to your bank credentials.

All data is encrypted using RSA with a 2048 bit encryption with salting the most critical customer data.

ADVANCED ENCRYPTION OF DATA

Encryption used by the InvestorKeep Platform™ is stronger than most major banks or brokerages

  • Our compute infrastructure requires the use of the most secure TLS v1.2 protocol, older TLS and SSL insecure versions are not allowed
  • Customer data is protected in our storage services which support the highest security standards and compliance certifications including SEC Rule 17a4, PCIDSS, HIPAA/HITECH, FedRAMP, EU GDPR, and FISMA.
  • Our data services use one of the strongest block ciphers available, 256bit Advanced Encryption Standard (AES256).
ROBUST ACCOUNT ACCESS & AUTHENTICATION

InvestorKeep’s authentication and account access controls are stronger than most major financial institutions. Your account will benefit from Two Factor Authentication as a second layer of security beyond your password to access your InvestorKeep account. When you enroll in InvestorKeep, we turn on Two Factor Authentication by default (and always give you the option to disable this extra layer of security at anytime).

  • In addition to your unique login name and password, you must first authenticate each device that accesses your account.
  • Before you can access your account on any new device, you'll receive an automated SMS asking to confirm your identity with a unique one time passcode.
  • Extra protection on iPhone with Touch ID authentication, and mobile only PINs on iOS and Android
PARTNERING WITH INDUSTRY LEADERS TO KEEP ACCESS TO YOUR FINANCIAL ACCOUNTS SECURE

InvestorKeep utilizes Yodlee, a financial technology industry leader, to facilitate securely linking your financial accounts to the InvestorKeep Platform. With over a decade of experience securely connecting with financial institutions (i.e. Morgan Stanley, Bank of America, J.P. Morgan Chase Bank, US Bank, etc.) Yodlee provides an added layer of safety between your data and anyone who would want to access your financial account information. Your bank and brokerage credentials are only stored at Yodlee, not with InvestorKeep. Ultimately, your credentials are safer in Yodlee's data center than they are in your browser.

DON’T JUST TAKE OUR WORD FOR IT

In addition to robust internal security auditing controls, we perform regular third-party security audits to test and verify the integrity of our systems and storage infrastructure.

Cybersecurity isn’t a technology problem— it’s a human one. InvestorKeep is adopting a crowdsourced security strategy as a powerful tool to identify external threats as well as vulnerabilities. Used by leading firms such as Google and Facebook to decrease risk on a global scale, InvestorKeep has adopted this advanced strategy to provide an additional layer of intrusion prevention to meet the threats lurking out in cyberspace.

There is a fundamental imbalance between the creativity and motivations of cyber attackers, and those of enterprise security defenders.

Crowdsourced security eliminates this imbalance by harnessing whitehat security researchers to find and eliminate vulnerabilities.

Highly vetted, trusted security researchers and private programs diffuse concerns of risk associated with crowdsourced security.

Vetted security researchers & programs provide focused results to support rapid risk reduction, threat detection, and mitigations.

Rest assured, when it comes to online security, there's not much we haven't seen. The entire staff at InvestorKeep understands the challenges of cybersecurity as well as the custodial responsibility we have to keep our customers information safe.

KEEPING YOU SECURE

In the event that your InvestorKeep account is ever compromised, our platform and application services are designed to ensure that you are still safe. InvestorKeep never sends you credentials to your browser. After linking your accounts, your credentials are stored at Yodlee and are only ever sent directly to your financial institution. We will never contact you and ask for your account credentials (whether to log into your InvestorKeep account or you financial accounts).

Trust starts with knowing your accounts are optimized