Banking & Brokerage Accounts
Finary does not store your banking credentials and cannot move your money.
We have read-only access that allows us to display your data in your account. That's it.
Banking & Brokerage Credentials
Your credentials are securely encrypted and managed by our regulated aggregator partners, Plaid (US, Canada & UK), Powens (EU), and Flanks (EU).
Plaid is the world's leading account aggregator.
Powens (formerly Budget Insight) is the leader on the French market and is regulated by the French Central Bank.
Flanks is a Barcelona-based company that is regulated by the Bank of Spain.
Crypto exchanges like Binance or Kraken can safely be connected via API keys that you can generate on your account.
Finary does not have access to your password.
You control these keys and can revoke them in one click.
These API keys are read-only. We can't initiate trades or move money in your accounts.
Data Protection and Privacy
A subset of the team can need to access your data for debugging purpose : it's only possible after you've contacted our help-desk and explicitly agreed to it. Those actions are logged and audited on our side.
Security at Finary
Finary is secure by design. We enforce state of the art security controls in order to protect your privacy as well as your financial data.
Communications between your client (browser or the mobile application) are encrypted using a recent version of TLS. Same goes for communications inside our platform, and between our platform and our partners.
Automatic backups allow us to quickly restore your data in case of data loss.
Our data-stores and our backups are encrypted at rest using AES-256.
Our platform is deployed in GCP, in European zones, leveraging Google's expertise on hosting and security.
We conduct routine third-party code audits and penetration tests to identify and resolve vulnerabilities in our systems.
We manage a bug-bounty program where security researchers help us surface potential issues all year long.
We continuously improve our secure software development processes.
Every team member follows security and privacy training upon arrival, and regularly afterwards.
Our engineering team also stays current with industry standards and emerging threats to ensure that our security measures remain robust and up-to-date.
Team computers are enrolled in MDM, ensuring that disks are encrypted, and systems and applications are up to date and configured in a secure manner.
We have implemented strict access controls to our platform. No member of our team has more rights than necessary for their daily activities, and robust two-factor authentication is mandatory on each internal and/or sensitive tool.
If you're a security professional who has identified a potential security issue with our platform, we greatly value your responsible disclosure and expertise. You can send us an email at security [at] finary.com.
If you're eligible and interested in joining our private bug bounty program, send us an email at bugbounty [at] finary.com.