We are committed to protecting your data and privacy
Wealthica reads and saves your banking and investing data to build a visual dashboard of all your financial investment. Wealthica is strictly read-only. Trading, fund withdrawals, money transfers or other transactions are not possible through the platform to keep your money safe.
We use the latest technology and have strict processes in place to protect your financial information. We use cloud services provided by Amazon Web Services (AWS) and managed by a team with over 20 years of experience in the web hosting industry. AWS’ data centres are certified ISO 27001, SOC 2 (Type II), PCI DSS (Level 1), FISMA. We also work closely with renowned firms (FDATA, BCF, Raymond Chabot) for legal, audit, tax and advisory services.
We monitor continuously and run daily vulnerability scans on our website and apps to ensure continuous security.
We secure your data with AES-256 encryption, the same rigorous standards used by banks. We also encrypt all in-transit data using the latest TLS 1.2 technology.The credentials you entrust us are encrypted, and none of our employees can access them. Our database administrators don’t have access to the encryption keys used. You can always get in touch with our security team at firstname.lastname@example.org to report any issue, concern or ask security related questions.
We support two factor authentication in your Wealthica account for enhanced security. When enabled, a security PIN is sent to your smartphone or authentication app to authorize login from a new device. That way, with your Wealthica credentials alone, it's impossible to access your financial information and the financial data you have stored on Wealthica.
No one on the Wealthica team will see your private data unless you specifically choose to share data with the support team. To protect your privacy further, when enabled, private mode prevents over-shoulder snooping by hiding all numbers and just shows changes in percentages. You can safely use Wealthica in private mode on your devices when working in public places, commuting or at work.
Wealthica is a twelve-person team headquartered in Montréal, Québec. Most of us use Wealthica to manage our own financial lives. We will never sell, publish or share any identifiable personal information to third parties. Wealthica maintains compliance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the European General Data Protection Regulation (GDPR). We enforce many documented policies to support our commitment towards data privacy.
After connecting your investment accounts to Wealthica, you can easily review new transactions across all your accounts. You can choose to receive (or not) a daily review of new transactions by email or by using the app, making it easy to detect any suspicious activity and monitor your accounts. You will always receive a notification from Wealthica whenever there is a login from a new location. Finally, you can delete your account in one click from preferences. It’s unrecoverable and all your data will be completely deleted from our systems.
We first need to establish a secure connection between Wealthica and your financial institution. We use API authorization or your credentials to retrieve your investment portfolio and collect your financial data. Many financial institutions allow us to collect investment data through portals with "read-only view" (no access to execute transactions) which eliminates the risk of someone being able to move your money. Some brokerage institutions, on the other hand, allow API access (i.e. Questrade, Wealthsimple or Interactive Brokers). Wealthica will always favor this option since you don't have to share your account credentials. API authentication is considered, by industry standards, to be the best and most secure method.Learn More about How it Works
When available, Wealthica will always favor API authentication to connect to your financial accounts since you don't have to share your account credentials. API authentication is considered, by industry standards, to be the best and most secure method. In addition to Questrade, we use API authentication with Wealthsimple, Interactive Brokers (Flex Reports) and CI Investing (formerly Wealthbar). API authentication is an exclusive feature and advantage of the Wealthica ⌾Core collection of connectors when compared with other applications that rely only on third-party technology.
In most cases, your credentials are needed to establish a secure connection between Wealthica and your financial institution. This connection is established using a connector from the Wealthica ⌾Core or Wealthica ♾Expand collection of connectors. While we will securely store your credentials, Wealthica ⌾Core connectors will never store the answers to your security questions and never ask for transaction PINs. Someone stealing your credentials and attempting to login from a new device won't be able to login without your security answers and 2-factor auth code in case it’s enabled at your institution.
We partner with some of the top security firms to offer you high-grade protection for your data. Connectors from the Wealthica ♾Expand collection are developped in partnership with fintech industry leader Yodlee/Envestnet which has over a decade of experience connecting with financial institutions. Yodlee is used by hundreds of financial institutions and fintech applications worldwide and is a publicly traded company used by 9 of the 15 largest US banks to manage their financial data. Wealthica ♾Expand provides an added layer of safety for your financial data.
You can get in touch with our security team at email@example.com to report any issues, concerns or ask security related questions.
Your credentials are needed to establish a secure connection between Wealthica and your financial institution. This allows us to collect your financial data and build your Wealthica dashboard and reports. Read the information above to learn more about how we collect your investment data securely.
We built Wealthica for us and are using it daily to track our personal investments. We plan to monetize the Wealthica Dashboard by offering paid add-ons in the future. We also offer a paid version of the Wealthica API that allows financial technology software providers to offer custom dashboards and use our data collection and aggregation technology to power their in-house software.
Wealthica supports two-factor verification (2FA) and is strongly recommended to protect your account. When configured, a unique temporary code will be required with your password in order to login to Wealthica. This code can be delivered through your mobile by SMS or generated through an application installed on your mobile. This feature can be enabled easily in the preference page of your Wealthica dashboard.
Wealthica maintains compliance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the European General Data Protection Regulation (GDPR). Wealthica has many documented policies to support our commitment towards data privacy and information security.
Wealthica uses cloud services from Amazon Web Services (AWS) located within the Canadian region (Montreal), including servers, databases, and object storage. Your personal data is stored in Canada. However, we still use some services provided by AWS in the US to process some of your data. These services were and/or are still not available in Canada but our goal is to migrate all services to Canada as soon as possible and/or available.