Your Financial Data, Protected
Security isn't just a feature at WealthFold—it's the foundation of everything we build. Your trust is our most valuable asset, and we protect it with industry-leading security measures.
How We Protect Your Data
Multiple layers of security work together to keep your financial information safe
Secure Data Storage
Your financial data is securely stored using a managed PostgreSQL database with industry-standard security practices.
- Cloud infrastructure encryption
- Secure managed database
- Regular automated backups
- HTTPS-only connections
HTTPS Everywhere
All data transmitted between your devices and our servers is protected with TLS encryption, ensuring privacy in transit.
- TLS encryption for all traffic
- Secure API endpoints
- HSTS enabled
- No plaintext connections
Secure Authentication
Protect your account with secure password-based authentication and optional social login via Google OAuth.
- Secure password hashing
- Google OAuth integration
- Session management
- Password reset via email
Manual Data Entry
WealthFold uses manual data entry, so you control exactly what data is added. We never connect directly to your bank accounts.
- No bank account connections
- No automatic imports
- Full control over your data
- No third-party data access
Managed Infrastructure
Our infrastructure is hosted on a managed cloud platform built on AWS, with built-in security features.
- Managed cloud hosting
- AWS infrastructure
- Automated scaling
- Built-in DDoS protection
Data Isolation
Your data is isolated from other users with strict row-level security policies enforced at the database level.
- Row-level security (RLS)
- User-scoped data access
- Policy-based authorization
- Strict access controls
Our Security Practices
Proactive security measures to identify and address vulnerabilities before they become threats
Penetration Testing
We conduct annual third-party penetration tests and continuous automated security scanning to identify and fix vulnerabilities.
Bug Bounty Program
Security researchers can report vulnerabilities through our responsible disclosure program and receive rewards.
Employee Security
All employees undergo background checks, security training, and follow strict access control policies.
Incident Response
24/7 security monitoring with documented incident response procedures and breach notification protocols.
Your Data, Your Control
You maintain complete control over your data at all times
Automatic Backups
Your data is automatically backed up multiple times daily with point-in-time recovery capabilities.
Data Portability
Export all your data at any time in standard formats. Your data belongs to you.
Secure Deletion
When you delete your account, all your data is permanently and securely erased from our systems.
Session Management
View and manage all active sessions. Remotely log out from any device at any time.
Secure on Every Device
Whether you're on web, mobile, or desktop, your data remains protected
Web Application
- HTTPS-only access
- Content Security Policy
- XSS/CSRF protection
- Secure session handling
Mobile App
- Biometric authentication
- Secure credential storage
- Auto-lock on inactivity
- Same secure backend
Cloud Sync
- HTTPS encrypted sync
- Real-time sync
- Cross-device access
- Automatic backups
Help Us Keep You Safe
Security is a shared responsibility. Here are some tips to maximize your protection.
Use Google Sign-In
Sign in with Google for added security: Google handles authentication with its robust security infrastructure.
Use a Strong, Unique Password
Create a password with at least 12 characters, including numbers, symbols, and mixed case. Don't reuse passwords.
Keep Your Devices Updated
Install security updates promptly on all devices you use to access WealthFold.
Be Wary of Phishing
We'll never ask for your password via email. Always access WealthFold directly through our official website or app.
Review Connected Sessions
Regularly check your active sessions in account settings and revoke any you don't recognize.