We work with Amazon Web Services, a company trusted by hundreds of financial institutions to keep client data secure. Our server-instances are located in multiple AWS high-security availability zones and are compliant with the requirements outlined in SOC 2 and PCI. Additionally, AWS data centers are compliant with controls found in the the ISO 27001 information security framework.<\/p>\n
All communications with Blueleaf\u2019s software run over secure HTTPS with transport layer security (TLS 1.2, formerly SSL) protecting any communications from being intercepted. We authenticate our primary domain with an extended validation certificate from GeoTrust. We continuously monitor our network security posture through automated vulnerability scanning.<\/p>\n
Strong encryption is the foundation of a mature information security program. We encrypt data both while in transit and at rest. Where possible, risks are avoided by reducing complexity. For example, sensitive information such as your financial institutions\u2019 usernames and passwords are never stored.<\/p>\n
In addition to working with partners who follow industry security best practices, we have implemented policies, procedures, and controls that align with SOC 2, ISO 27001, and the BITS Voluntary Guidelines for Financial Services. Periodically, we employ external consultants to assist in security control development, audit compliance, and perform penetration tests.<\/p>\n
We\u2019ve built our infrastructure to collect and store only the information we need to help you understand your finances. We operate under the principle that information is only collected and stored when there is an appropriate business need. Your financial institutions\u2019 usernames and passwords are never stored on our servers. Those usernames and passwords remain on our partners\u2019 secure servers \u2013 the same servers that hold client data for Bank of America, Fidelity, and hundreds of other trusted institutions.<\/p>\n
We\u2019ll tell you if your password is easy to break so that you can make a better one, but we don\u2019t require arbitrary rules that make it hard to remember. We believe in a balanced approach. We don\u2019t use security questions whose answers are relatively common (such as names of people, pets, or cities). And we\u2019re constantly reading the latest security research to improve your experience and the safety of your information.<\/p>\n
Work with trusted partners We work with Amazon Web Services, a company trusted by hundreds of financial institutions to keep client data secure. Our server-instances are located in multiple AWS high-security availability zones and are compliant with the requirements outlined in SOC 2 and PCI. Additionally, AWS data centers are compliant with controls found in…<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"content-type":"","om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"class_list":["post-24","page","type-page","status-publish","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.blueleaf.com\/wp-json\/wp\/v2\/pages\/24","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.blueleaf.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.blueleaf.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.blueleaf.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.blueleaf.com\/wp-json\/wp\/v2\/comments?post=24"}],"version-history":[{"count":0,"href":"https:\/\/www.blueleaf.com\/wp-json\/wp\/v2\/pages\/24\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.blueleaf.com\/wp-json\/wp\/v2\/media?parent=24"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}