Security at Advizmo

At Advizmo, we understand that your financial data is among your most sensitive personal information. That's why security and privacy are foundational pillars of our service. This document outlines our comprehensive approach to protecting your information.

Your Data, Your Control

Transparency in Data Handling

Advizmo's team operates under strict data access protocols. Our team members do not access your personal financial information during routine operations. Access to customer data is limited to these specific scenarios:

  • When you explicitly request assistance requiring data access
  • In compliance with legal requirements

Each instance of data access follows our strict protocol:

  • Implementation of multi-level permission controls
  • Comprehensive access logging including purpose, duration, and authorization details
  • Required customer consent except where legally prohibited

Violations of these protocols result in immediate employment termination.

For analytical purposes, we may study anonymized, aggregated data patterns to improve our services. See our Privacy Policy for complete details.

Robust Account Protection

Your Advizmo account is secured through multiple layers of protection:

  • Password security using advanced cryptographic techniques (salting and iterative hashing)
  • Intelligent rate limiting and monitoring systems to prevent unauthorized access attempts
  • Comprehensive password requirements including minimum length and complexity standards
  • Proactive screening against known vulnerable password databases

Comprehensive Data Safeguards

Your financial information benefits from enterprise-grade protection:

  • Full encryption of stored data using AES-256 encryption standards
  • Secure data architecture ensuring information remains protected even if storage hardware is compromised
  • Complete data removal process upon account termination that thoroughly purges all associated information
  • True deletion rather than simply deactivating or archiving account data

Account deletion requires your explicit action. If your subscription lapses, we follow the data retention policies detailed below.

Data Retention Framework

We've established clear guidelines regarding how long we retain your information:

Retention Timeline

After a subscription or trial period ends, we maintain account data for up to 12 months. This retention period enables seamless account reactivation should you choose to return to Advizmo.

Subscription Status Clarification

When you cancel your subscription, your account remains fully functional until the end of your current billing cycle. The 12-month retention period begins only after this active period concludes.

Data Management Options

You have full control over your data with two approaches:

  • Default retention: If your account naturally expires, all data is automatically removed after the 12-month retention period
  • Immediate deletion: You can request complete data removal at any time through the process outlined in our Privacy Policy

Our philosophy is straightforward: if you no longer need our services, we don't need to retain your data beyond the specified periods. For comprehensive information on data handling practices, please review our Privacy Policy.

Technical Infrastructure

Cloud Security Architecture

Advizmo's platform is built on AWS cloud infrastructure, which meets rigorous industry security standards including:

  • SOC 2 Type II Certification
  • PCI DSS Level 1 Compliance
  • FISMA Moderate Authorization
  • Sarbanes-Oxley (SOX) Compliance
  • ISO 27001 Information Security Management System Certification
  • GDPR Compliance Framework
  • NIST 800-53 Security Controls Implementation
  • HITRUST CSF Certification

We implement the AWS Shared Responsibility Model, where AWS secures the underlying infrastructure while Advizmo maintains responsibility for implementing appropriate security controls at the application and data levels. Our security team conducts continuous compliance monitoring and undergoes regular third-party security assessments.

All customer data resides in United States-based AWS data centers with comprehensive security measures including TLS 1.3 encryption for data in transit and AES-256 encryption for data at rest.

Payment Processing Security

Advizmo adheres to Payment Card Industry (PCI) security standards through our integration with PCI-certified payment processors. Our payment architecture routes sensitive payment information directly to our processor's secure environment, bypassing Advizmo's servers entirely. This approach significantly reduces potential exposure of payment details.

Secure Financial Connections

To enable the synchronized view of your financial accounts, we partner with specialized financial data integration services that follow these security practices:

  • Credential Security: Your banking login information is never viewed or stored by Advizmo. Our integration partners employ specialized security infrastructure to protect this sensitive information.
  • Direct Authentication: Where supported, we implement OAuth connections allowing you to authenticate directly with your financial institution without sharing credentials with any intermediaries.
  • Data Minimization: We collect only essential transaction and account information (such as dates, transaction descriptions, amounts, and balances). Personal identifying information is neither requested nor stored in our systems, even when provided through the OAuth process.

Communication Security

All data exchanged between your devices and our platform is protected by enterprise-grade encryption:

  • TLS 1.3 protocol implementation for secure browser-server communications
  • AES_128_GCM (128-bit) encryption for all transmitted data
  • Content Security Policy implementation to prevent common web vulnerabilities

Beyond Technical Security

Awareness & Education

Even the most sophisticated security systems can be compromised through social engineering tactics. We recommend these security practices:

  1. Remember that Advizmo team members will never initiate contact requesting your login credentials. Only enter your username and password on our official login page.
  2. Always verify you're on our authentic domain (advizmo.com) before entering any sensitive information. Check the URL in your browser's address bar, especially when following email links.

Security Support

For any security concerns or questions, please contact our dedicated security team at security@advizmo.com. For more information about our data protection approach, please refer to our Privacy Policy.
