We know that security is paramount
We are committed to protecting your data and privacy
Protecting your Data
Wealthica reads and saves your banking and investing data to build a visual dashboard of all your financial investment. Wealthica is strictly read-only. Trading, fund withdrawals, money transfers or other transactions are not possible through the platform to keep your money safe.
Safe and Secure Technology
We use the latest technology and have strict processes in place to protect your financial information. We use cloud services provided by Amazon Web Services (AWS) and managed by a team with over 20 years of experience in the web hosting industry. AWS’ data centres are certified ISO 27001, SOC 2 (Type II), PCI DSS (Level 1), FISMA. We also work closely with renowned firms (FDATA, BCF, Raymond Chabot) for legal, audit, tax and advisory services.
Constant Security Testing
We monitor continuously and run daily vulnerability scans on our website and apps to ensure continuous security.
Partners and Certifications
1Bank-Level Security
We secure your data with AES-256 encryption, the same rigorous standards used by banks. We also encrypt all in-transit data using the latest TLS 1.2 technology.The credentials you entrust us are encrypted, and none of our employees can access them. Our database administrators don’t have access to the encryption keys used. You can always get in touch with our security team at security@wealthica.com to report any issue, concern or ask security related questions.
2Secure Authentication
We support two factor authentication in your Wealthica account for enhanced security. When enabled, a security PIN is sent to your smartphone or authentication app to authorize login from a new device. That way, with your Wealthica credentials alone, it's impossible to access your financial information and the financial data you have stored on Wealthica.
3No one will see your data
No one on the Wealthica team will see your private data unless you specifically choose to share data with the support team. To protect your privacy further, when enabled, private mode prevents over-shoulder snooping by hiding all numbers and just shows changes in percentages. You can safely use Wealthica in private mode on your devices when working in public places, commuting or at work.
4Committed to your privacy
Wealthica will never sell, publish or share any identifiable personal information to third parties. Wealthica maintains compliance with the privacy law like California Consumer Privacy Act (CCPA), Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the European General Data Protection Regulation (GDPR). We enforce many documented policies to support our commitment towards data privacy.
5Industry-leading security
SOC for Service Organizations are internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service. Wealthica is SOC2 Type 2 compliant and goes under regular audits.
6Control in your hands
After connecting your investment accounts to Wealthica, you can easily review new transactions across all your accounts. You can choose to receive (or not) a daily review of new transactions by email or by using the app, making it easy to detect any suspicious activity and monitor your accounts. You will always receive a notification from Wealthica whenever there is a login from a new location. Finally, you can delete your account in one click from preferences. It’s unrecoverable and all your data will be completely deleted from our systems.
How do you collect my financial data?
Wealthica is a strictly read-only platform. You cannot trade, withdraw funds, transfer money or conduct any other transactions through it. This is to keep your money safe. We establish a secure connection between Wealthica and your financial institution. We use API authorization or your credentials to retrieve your investment portfolio and collect your financial data. Many financial institutions allow us to collect investment data through portals with "read-only view" (no access to execute transactions).
Learn More about How it Works
Wealthica will always favor API authentication to connect to your financial accounts
When available, Wealthica will always favor API authentication to connect to your financial accounts since you don't have to share your account credentials. API authentication is considered, by industry standards, to be the best and most secure method. API authentication is an exclusive feature and advantage of the Wealthica ⌾Core collection of connectors when compared with other applications that rely only on third-party technology.
Security questions, 2-factor authentication and transaction PINs protect you further
In most cases, your credentials are needed to establish a secure connection between Wealthica and your financial institution. This connection is established using a connector from the Wealthica ⌾Core or Wealthica ♾Expand collection of connectors. While we will securely store your credentials, Wealthica ⌾Core connectors will never store the answers to your security questions and never ask for transaction PINs. Someone stealing your credentials and attempting to login from a new device won't be able to login without your security answers and 2-factor auth code in case it’s enabled at your institution.
Partnering with the industry leaders to protect your data and keep your credentials safe
We partner with some of the top security firms to offer you high-grade protection for your data. Connectors from the Wealthica ♾Expand collection are developped in partnership with fintech industry leader Yodlee/Envestnet and Plaid which has over a decade of experience connecting with financial institutions. Yodlee and Plaid are used by hundreds of financial institutions and fintech applications worldwide and is a publicly traded company used by 9 of the 15 largest US banks to manage their financial data. Wealthica ♾Expand provides an added layer of safety for your financial data.
Report Security Issues or Questions
You can get in touch with our security team at security@wealthica.com to report any issues, concerns or ask security related questions.
Security FAQ
Don’t see your question below? Ask us!
Why do you need my brokerage credentials?
Your credentials are needed to establish a secure connection between Wealthica and your financial institution. This allows us to collect your financial data and build your Wealthica dashboard and reports. Read the information above to learn more about how we collect your investment data securely.
Do you sell my personal information?
Your security and the protection of your personal information is our priority. We will never sell, publish or share your contact information or any identifiable personal information to third parties. You can read our privacy policy here.
What is 2FA and should I use it?
Wealthica supports two-factor verification (2FA) and is strongly recommended to protect your account. When configured, a unique temporary code will be required with your password in order to login to Wealthica. This code can be delivered through your mobile by SMS or generated through an application installed on your mobile. This feature can be enabled easily in the preference page of your Wealthica dashboard.
How do you protect my personal information?
Wealthica maintains compliance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the European General Data Protection Regulation (GDPR). Wealthica has many documented policies to support our commitment towards data privacy and information security.
Where is my personal data located?
Wealthica uses cloud services from Amazon Web Services (AWS) located within the Canadian region (Montreal), including servers, databases, and object storage. Your personal data is stored in Canada. However, we still use some services provided by AWS in the US to process some of your data. These services were and/or are still not available in Canada but our goal is to migrate all services to Canada as soon as possible and/or available.
