DATA SECURITY

Introduction

Your data security is our primary concern and our most important goal is to keep your data safe and secure. We understand that your investment information is confidential and we take great care in protecting it from unauthorized access.

We do this using various methods and industry best practice. We also ensure that all our partners have stringent security controls in place when it comes to data processing, storage, and management.

Data communication

Whenever you are communicating with Daizy via our Website, App, Chatbot or Facebook Messenger, your connection is always secured using strong encryption.

Whenever Daizy is transferring data to one of our partners in order to retrieve portfolio calculations, individual stock prices, or customer information, we always use secure encrypted connections.

Linking your online broker account to Daizy

All of your online broker details are handled by Plaid, using the latest security technology to securely connect to nearly thousands of financial institutions. At Daizy, we never see or store your online broker account details. We simply receive a read only copy of your portfolio holdings on a daily basis so we can calculate your analysis for you.

Plaid regularly undergoes both internal and external network penetration tests, and third-party code reviews. Plaid also maintains a SOC 2 Type II report by testing the design and operational effectiveness of our Information Security program using independent auditors.

The Plaid API only allows client requests using strong TLS protocols and ciphers. Communication between Plaid infrastructure and financial institutions is transmitted over encrypted tunnels. All client communication with the Plaid API requires API key authentication and utilizes cryptographically hashed headers and timestamps to verify authenticity.

Data storage and processing

If we need to store sensitive or personal data to process over time, we always use secure databases platforms that encrypt data while ‘at rest’ in the database. If we ever need to process portfolio data sets to provide benchmark or peer group analysis, we always anonymize this data first. It is then impossible for any of these results to be traced back to individual users.

Data security audits and certifications

All our key external data processors are ISO27001 and SOC certified for data security. These include Amazon Web Services and Hubspot.com. Daizy is actively working towards our own external data security audits and certifications.

Personal data and privacy

You can read our full privacy policy at www.daizy.com/privacy-policy/.