About Moneytree & Security

Privacy Initiatives

At Moneytree, your privacy is our top priority.
We don’t ask for or store more information than is required to use the service. Our goal is to provide a fully featured yet private experience.

Moneytree Do's

Here are some things we do to ensure your privacy and keep you in control.

  • We undergo independent privacy auditing and certification annually by TrustArc (formerly TRUSTe), a globally recognised privacy verification program
  • We allow you to easily opt-out and unsubscribe
  • We guarantee 100% deletion of your data within 24 hours of leaving Moneytree
  • We are committed to transparency: we provide advance notification of any significant terms of service changes

Moneytree Don'ts

Here is a list of all practices we refrain from, to ensure your privacy and keep you in control.

  • We don’t ask for personal information irrelevant to the service (such as age, sex, place of residence, occupation)
  • We don't advertise to you based on data analysis
  • We don't do ad retargeting to 3rd parties based on your behavior
  • We don't share your data for marketing offers

Security Initiatives

Great security is the cornerstone of trust.
Moneytree balances the latest security with a world-class user experience.

Moneytree Do's

  • We run on PCI DSS / FISC / ISMS certified infrastructure
  • We implement global best security practices
  • We always use encrypted connections between our apps and our servers
  • We undergo regular security vulnerability and penetration assessments by security experts

Moneytree Don'ts

  • We don't use 3rd party advertising network libraries for tracking personal information
  • We don't transfer your personal information or raw data to 3rd parties without your express permission
  • We don’t require you to enter more personal information than is needed to provide the service
  • We don't unreasonably limit your access to your own data in order to compel you into a paid plan

Moneytree is running a public bug bounty program to fortify security across its website, API and mobile applications. See here for our press release. For security researchers, the technical program details are here.

Our View On Security and Privacy

The rapid growth of Fintech has created a renewed interest in security and privacy. With the upcoming Australia launch, we thought it was time to explain why Moneytree is considered the most trusted company in the financial data portability space.

It all begins with security, including Secure Coding Practices and Review Processes. Moneytree provides privacy and security training to all new employees, periodic training of existing staff, and audits to ensure our best practices are always carried out.

Server Security:

We host our service on AWS and Heroku, widely acknowledged as industry-leading and secure infrastructure platforms. We carry out periodic vulnerability and penetration testing on all platforms, including all APIs and client applications.

Protecting Your Data:

We use SSL Pinning to prevent Man-in-the-Middle (MITM) attacks. This involves bundling an encryption certificate in our native mobile apps so that each app can confirm it is communicating with our services. Our native apps will refuse to connect with any server that cannot be cryptographically verified, such as one operated by an attacker on an insecure public Wi-Fi network (actually this is not difficult to implement and should become an industry standard).

Additionally, Moneytree always encrypts data in flight, using Transport Layer Security (TLS), the successor to SSL. Data at rest is protected using encrypted storage.
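The pinning check described above, as an added example rather than Moneytree's own code: a Python client that keeps normal TLS validation and additionally refuses any server whose certificate hash is not in a bundled pin set. The function names, the pin format (SHA-256 of the DER certificate) and the sample byte strings are assumptions made for this illustration.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """The server's certificate matches none of the pins bundled with the client."""


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert, pins) -> bool:
    """True only if the presented certificate hashes to one of the bundled pins."""
    if not der_cert or not pins:
        return False  # fail closed: no certificate or no pins means no trust
    presented = cert_fingerprint(der_cert)
    ok = False
    for pin in pins:  # check every pin, constant-time comparison for each
        ok |= hmac.compare_digest(presented, pin.strip().lower())
    return ok


def open_pinned(host: str, pins, port: int = 443, timeout: float = 10.0) -> ssl.SSLSocket:
    """Connect over TLS; refuse the connection unless the leaf certificate is pinned."""
    ctx = ssl.create_default_context()  # normal chain and hostname checks stay on
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if not matches_pin(tls.getpeercert(binary_form=True), pins):
        tls.close()  # drop the connection before any application data is sent
        raise PinMismatch(f"certificate for {host} is not in the bundled pin set")
    return tls


# Constructed stand-ins for DER certificates (not real certificates).
CURRENT_CERT = b"constructed-der: api.example.test current leaf"
BACKUP_CERT = b"constructed-der: api.example.test next leaf"
INTERCEPTOR_CERT = b"constructed-der: certificate presented by a proxy"
# Pin set as it would ship in the app: current leaf plus a backup for rotation.
BUNDLED_PINS = {cert_fingerprint(CURRENT_CERT), cert_fingerprint(BACKUP_CERT).upper()}
```

Shipping a backup pin alongside the current one lets the server certificate be rotated without locking out installed apps.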

Moneytree and Privacy by Design:

Out of respect for your privacy, we believe in only collecting information necessary to provide the service. At registration we only request an email address and password, and the minimum authentication information necessary to aggregate data at your request. Unlike many online services that exist today, we will not request demographic data such as age, sex or other identifying data, without a valid and transparent business purpose.

At Moneytree we believe we can provide the most value to the world as a technology company, and not as an advertising or data marketing platform. We differ from competing services because we empower individuals by allowing them to i) choose the companies with which they share their data, and ii) access next generation financial technology services using the data stored within Moneytree. We also refrain from "grey" practices such as selling anonymized data, which can potentially be de-anonymized by combining it with other data sets. Moneytree’s commitment to privacy is to provide non-zero-sum outcomes, where you don’t have to sacrifice functionality or experience to maintain your right to privacy. For more information on Privacy by Design, there is a great summary on the website of the Information & Privacy Commissioner (Ontario).