Key elements :
Finary doesn't have access to your banking credentials
Finary can't initiate transactions on your accounts
Finary only retrieves your data to display and enrich it
Banking & Brokerage Accounts
Finary does not store your banking credentials and cannot move your money.
We have read-only access that allows us to display your data in your account. That's it.
To improve your account security, we recommend that you enable two-factor authentication (more info here)
Banking & Brokerage Credentials
Your credentials are securely encrypted and managed by our regulated aggregator partners, Plaid (US, Canada & UK), Powens (EU), and Flanks (EU).
Plaid is the world's leading account aggregator.
Powens (formerly Budget Insight) is the leader on the French market and is regulated by the French Central Bank.
Flanks is a Barcelona-based company that is regulated by the Bank of Spain.
Crypto exchanges
Crypto exchanges like Binance or Kraken can safely be connected via API keys that you can generate on your account.
Finary does not have access to your password.
You control these keys and can revoke them in one click.
These API keys are read-only. We can't initiate trades or move money in your accounts.
Finary's team never has access to your banking, brokerage or crypto credentials
Data Protection and Privacy
We strictly enforce GDPR regulation. For more information, please read our privacy policy
A subset of the team can need to access your data for debugging purpose : it's only possible after you've contacted our help-desk and explicitly agreed to it. Those actions are logged and audited on our side.
We will never sell your data. Our business model is based on subscriptions, not on exploiting your personal informations.
Security at Finary
Finary is secure by design. We enforce state of the art security controls in order to protect your privacy as well as your financial data.
Platform
Communications between your client (browser or the mobile application) are encrypted using a recent version of TLS. Same goes for communications inside our platform, and between our platform and our partners.
Automatic backups allow us to quickly restore your data in case of data loss.
Our data-stores and our backups are encrypted at rest using AES-256.
Our platform is deployed in GCP, in European zones, leveraging Google's expertise on hosting and security.
We conduct routine third-party code audits and penetration tests to identify and resolve vulnerabilities in our systems.
We manage a bug-bounty program where security researchers help us surface potential issues all year long.
We continuously improve our secure software development processes.
Team
Every team member follows security and privacy training upon arrival, and regularly afterwards.
Our engineering team also stays current with industry standards and emerging threats to ensure that our security measures remain robust and up-to-date.
Team computers are enrolled in MDM, ensuring that disks are encrypted, and systems and applications are up to date and configured in a secure manner.
We have implemented strict access controls to our platform. No member of our team has more rights than necessary for their daily activities, and robust two-factor authentication is mandatory on each internal and/or sensitive tool.
Responsible disclosure
If you're a security professional who has identified a potential security issue with our platform, we greatly value your responsible disclosure and expertise. You can send us an email at security [at] finary.com.
If you're eligible and interested in joining our private bug bounty program, send us an email at bugbounty [at] finary.com.