🛡️

Your Security is Our Priority

We implement bank-level or better security across all aspects of our technology to protect your most sensitive financial information.

🔐 Bank-Level Security Standards

We implement enterprise-grade security across all aspects of our technology, from data encryption to infrastructure, meeting the same rigorous standards used by major financial institutions including SOC 2 Type II, PCI DSS Level 1, and ISO 27001 certifications.

🏦 Your Banking Credentials Stay Private

Your banking login information is never viewed or stored by Advizmo. We use specialized financial data integration services with OAuth connections when possible, allowing you to authenticate directly with your bank without sharing credentials.

🔒 Complete Data Encryption

All financial data is encrypted both in transit (using TLS 1.3) and at rest in our database (using AES-256 encryption). Your information remains protected even if storage hardware is compromised.

📊 Data Minimization Principle

We collect only essential transaction and account information needed for our service. Personal identifying information is neither requested nor stored, even when provided through authentication processes.

🗑️ Complete Data Control

You can delete your data at any time from the mobile app settings or by contacting support. When you delete your account, we perform true deletion rather than simply deactivating it, completely removing all associated information.

Detailed Security Framework

Below you'll find comprehensive details about our security practices, data handling protocols, and technical infrastructure.

Your Data, Your Control

Transparency in Data Handling

Advizmo's team operates under strict data access protocols. Our team members do not access your personal financial information during routine operations. Access to customer data is limited to these specific scenarios:

  • When you explicitly request assistance requiring data access
  • In compliance with legal requirements

Each instance of data access follows our strict protocol:

  • Implementation of multi-level permission controls
  • Comprehensive access logging including purpose, duration, and authorization details
  • Required customer consent except where legally prohibited

Violations of these protocols result in immediate employment termination.

For analytical purposes, we may study anonymized, aggregated data patterns to improve our services. See our Privacy Policy for complete details.

Robust Account Protection

Your Advizmo account is secured through multiple layers of protection:

  • Password security using advanced cryptographic techniques (salting and iterative hashing)
  • Intelligent rate limiting and monitoring systems to prevent unauthorized access attempts
  • Comprehensive password requirements including minimum length and complexity standards
  • Proactive screening against known vulnerable password databases

Comprehensive Data Safeguards

Your financial information benefits from enterprise-grade protection:

  • Full encryption of stored data using AES-256 encryption standards
  • Secure data architecture ensuring information remains protected even if storage hardware is compromised
  • Complete data removal process upon account termination that thoroughly purges all associated information
  • True deletion rather than simply deactivating or archiving account data

Account deletion requires your explicit action. If your subscription lapses, we follow the data retention policies detailed below.

Data Retention Framework

Data Management Options

You have full control over your data with two approaches:

  • Immediate deletion: You can request complete data removal at any time from the settings section of the mobile app or by emailing support@advizmo.com.
  • Default retention: If your account naturally expires, all data is automatically removed after a 12-month retention period

Subscription Status Clarification

When you cancel your subscription, your account remains fully functional until the end of your current billing cycle. The 12-month retention period begins only after this active period concludes.

You have the option of deleting all your data at any time including when you cancel your subscription or any time thereafter.

Our philosophy is straightforward: if you no longer need our services, we don't need to retain your data beyond the specified periods. For comprehensive information on data handling practices, please review our Privacy Policy.

Technical Infrastructure

Cloud Security Architecture

Advizmo's platform is built on AWS cloud infrastructure, which meets rigorous industry security standards including:

  • SOC 2 Type II Certification
  • PCI DSS Level 1 Compliance
  • FISMA Moderate Authorization
  • Sarbanes-Oxley (SOX) Compliance
  • ISO 27001 Information Security Management System Certification
  • GDPR Compliance Framework
  • NIST 800-53 Security Controls Implementation
  • HITRUST CSF Certification

We implement the AWS Shared Responsibility Model, where AWS secures the underlying infrastructure while Advizmo maintains responsibility for implementing appropriate security controls at the application and data levels. Our security team conducts continuous compliance monitoring and undergoes regular third-party security assessments.

All customer data resides in United States-based AWS data centers with comprehensive security measures including TLS 1.3 encryption for data in transit and AES-256 encryption for data at rest.

Payment Processing Security

Advizmo adheres to Payment Card Industry (PCI) security standards through our integration with PCI-certified payment processors. Our payment architecture routes sensitive payment information directly to our processor's secure environment, bypassing Advizmo's servers entirely. This approach significantly reduces potential exposure of payment details.

Secure Financial Connections

To enable the synchronized view of your financial accounts, we partner with specialized financial data integration services that follow these security practices:

  • Credential Security: Your banking login information is never viewed or stored by Advizmo. Our integration partners employ specialized security infrastructure to protect this sensitive information.
  • Direct Authentication: Where supported, we implement OAuth connections allowing you to authenticate directly with your financial institution without sharing credentials with any intermediaries.
  • Data Minimization: We collect only essential transaction and account information (such as dates, transaction descriptions, amounts, and balances). Personal identifying information is neither requested nor stored in our systems, even when provided through the OAuth process.

Communication Security

All data exchanged between your devices and our platform is protected by enterprise-grade encryption:

  • TLS 1.3 protocol implementation for secure browser-server communications
  • AES_128_GCM (128-bit) encryption for all transmitted data
  • Content Security Policy implementation to prevent common web vulnerabilities

Beyond Technical Security

Awareness & Education

Even the most sophisticated security systems can be compromised through social engineering tactics. We recommend these security practices:

  1. Remember that Advizmo team members will never initiate contact requesting your login credentials. Only enter your username and password on our official login page.
  2. Always verify you're on our authentic domain (advizmo.com) before entering any sensitive information. Check the URL in your browser's address bar, especially when following email links.

Security Support

For any security concerns or questions, please contact our dedicated security team at security@advizmo.com. For more information about our data protection approach, please refer to our Privacy Policy.

Contact us any time for security questions at security@advizmo.com

Copyright (C) 2024 Advizmo. All rights reserved