We know that security is paramount

We are committed to protecting your data and privacy

Protecting your Data

Wealthica reads and saves your banking and investing data to build a visual dashboard of all your financial investment. Wealthica is strictly read-only. Trading, fund withdrawals, money transfers or other transactions are not possible through the platform to keep your money safe.

Safe and Secure Technology

We use the latest technology and have strict processes in place to protect your financial information. We use cloud services provided by Amazon Web Services (AWS) and managed by a team with over 20 years of experience in the web hosting industry. AWS’ data centres are certified ISO 27001, SOC 2 (Type II), PCI DSS (Level 1), FISMA. We also work closely with renowned firms (FDATA, BCF, Raymond Chabot) for legal, audit, tax and advisory services.

Constant Security Testing

We monitor continuously and run daily vulnerability scans on our website and apps to ensure continuous security.

Partners and Certifications

Fdata Amazon Web Services Detectify SSL Raymond Chabot Grant Thornton BCF

1Bank-Level Security

We secure your data with AES-256 encryption, the same rigorous standards used by banks. We also encrypt all in-transit data using the latest TLS 1.2 technology.The credentials you entrust us are encrypted, and none of our employees can access them. Our database administrators don’t have access to the encryption keys used. You can always get in touch with our security team at security@wealthica.com to report any issue, concern or ask security related questions.

Bank-Level Security
Secure Authentication

2Secure Authentication

We support two factor authentication in your Wealthica account for enhanced security. When enabled, a security PIN is sent to your smartphone or authentication app to authorize login from a new device. That way, with your Wealthica credentials alone, it's impossible to access your financial information and the financial data you have stored on Wealthica.

3No one will see your data

No one on the Wealthica team will see your private data unless you specifically choose to share data with the support team. To protect your privacy further, when enabled, private mode prevents over-shoulder snooping by hiding all numbers and just shows changes in percentages. You can safely use Wealthica in private mode on your devices when working in public places, commuting or at work.

No one will see your data
Committed to your privacy

4Committed to your privacy

Wealthica is a twelve-person team headquartered in Montréal, Québec. Most of us use Wealthica to manage our own financial lives. We will never sell, publish or share any identifiable personal information to third parties. Wealthica maintains compliance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the European General Data Protection Regulation (GDPR). We enforce many documented policies to support our commitment towards data privacy.

5Industry-leading security

SOC for Service Organizations are internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service. Wealthica is SOC2 Type 2 compliant and goes under regular audits.

Industry-leading security
Control in your hands

6Control in your hands

After connecting your investment accounts to Wealthica, you can easily review new transactions across all your accounts. You can choose to receive (or not) a daily review of new transactions by email or by using the app, making it easy to detect any suspicious activity and monitor your accounts. You will always receive a notification from Wealthica whenever there is a login from a new location. Finally, you can delete your account in one click from preferences. It’s unrecoverable and all your data will be completely deleted from our systems.

How do you collect my financial data?

We first need to establish a secure connection between Wealthica and your financial institution. We use API authorization or your credentials to retrieve your investment portfolio and collect your financial data. Many financial institutions allow us to collect investment data through portals with "read-only view" (no access to execute transactions) which eliminates the risk of someone being able to move your money. Some brokerage institutions, on the other hand, allow API access (i.e. Questrade, Wealthsimple or Interactive Brokers). Wealthica will always favor this option since you don't have to share your account credentials. API authentication is considered, by industry standards, to be the best and most secure method.

Learn More about How it Works
title

Wealthica will always favor API authentication to connect to your financial accounts

When available, Wealthica will always favor API authentication to connect to your financial accounts since you don't have to share your account credentials. API authentication is considered, by industry standards, to be the best and most secure method. In addition to Questrade, we use API authentication with Wealthsimple, Interactive Brokers (Flex Reports) and CI Investing (formerly Wealthbar). API authentication is an exclusive feature and advantage of the Wealthica ⌾Core collection of connectors when compared with other applications that rely only on third-party technology.

title

Security questions, 2-factor authentication and transaction PINs protect you further

In most cases, your credentials are needed to establish a secure connection between Wealthica and your financial institution. This connection is established using a connector from the Wealthica ⌾Core or Wealthica ♾Expand collection of connectors. While we will securely store your credentials, Wealthica ⌾Core connectors will never store the answers to your security questions and never ask for transaction PINs. Someone stealing your credentials and attempting to login from a new device won't be able to login without your security answers and 2-factor auth code in case it’s enabled at your institution.

title

Partnering with the industry leaders to protect your data and keep your credentials safe

We partner with some of the top security firms to offer you high-grade protection for your data. Connectors from the Wealthica ♾Expand collection are developped in partnership with fintech industry leader Yodlee/Envestnet which has over a decade of experience connecting with financial institutions. Yodlee is used by hundreds of financial institutions and fintech applications worldwide and is a publicly traded company used by 9 of the 15 largest US banks to manage their financial data. Wealthica ♾Expand provides an added layer of safety for your financial data.

On the road to open finance

We are working with FDATA and its members towards a formal Open Finance system in Canada to make it easier for investors to connect and aggregate the data from all their investing accounts and give more control to the investor over their own financial data. Most of the financial institutions in Canada are still closed and don’t offer a simple and secure way to share your financial data with third party applications without sharing your credentials. Hopefuly, with your support and the support of innovative fintechs like Questrade or Wealthsimple, the big banks will follow the trend and make it easier for everyone to take control of their own financial data.

Report Security Issues or Questions

You can get in touch with our security team at security@wealthica.com to report any issues, concerns or ask security related questions.

Security FAQ

Don’t see your question below? Ask us!

Why do you need my brokerage credentials?

Your credentials are needed to establish a secure connection between Wealthica and your financial institution. This allows us to collect your financial data and build your Wealthica dashboard and reports. Read the information above to learn more about how we collect your investment data securely.

Do you sell my personal information?

Your security and the protection of your personal information is our priority. We will never sell, publish or share your contact information or any identifiable personal information to third parties. You can read our privacy policy here.

How does Wealthica make money if it's free?

We built Wealthica for us and are using it daily to track our personal investments. We plan to monetize the Wealthica Dashboard by offering paid add-ons in the future. We also offer a paid version of the Wealthica API that allows financial technology software providers to offer custom dashboards and use our data collection and aggregation technology to power their in-house software.

What is 2FA and should I use it?

Wealthica supports two-factor verification (2FA) and is strongly recommended to protect your account. When configured, a unique temporary code will be required with your password in order to login to Wealthica. This code can be delivered through your mobile by SMS or generated through an application installed on your mobile. This feature can be enabled easily in the preference page of your Wealthica dashboard.

How do you protect my personal information?

Wealthica maintains compliance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the European General Data Protection Regulation (GDPR). Wealthica has many documented policies to support our commitment towards data privacy and information security.

Where is my personal data located?

Wealthica uses cloud services from Amazon Web Services (AWS) located within the Canadian region (Montreal), including servers, databases, and object storage. Your personal data is stored in Canada. However, we still use some services provided by AWS in the US to process some of your data. These services were and/or are still not available in Canada but our goal is to migrate all services to Canada as soon as possible and/or available.