PRIVACY AND SECURITY
Protecting your privacy and safeguarding your personal information is of utmost importance to us. In order to fulfill this commitment, we have developed a series of policies and practices that govern the protection and use of your information. We utilize state‐of‐the‐art technologies and maintain current security standards and physical, electronic or procedural safeguards to ensure that your personal and financial information is protected against unauthorized access or disclosure and inappropriate alteration or misuse. All data in the system is stored and communicated using encryption. Our employees are also guided by a set of Privacy principles and are required as a condition of employment to respect and maintain the security of your information.
SERVER SECURITY CONTROLS:
Aqumulate servers are hosted on the Microsoft Azure framework.
- 24 hour monitored physical security
- Monitoring and Logging
- Inbound traffic blocked from the Internet, except for remote management ports
- Security Patching
- Antivirus/Antimalware Protection
- Intrusion Detection and DDoS monitoring using SYN cookies, rate limiting, and connection limits to withstand attacks from the outside as well as within a tenant.
- Traffic between machines always traverses through trusted packet filters
- Infrastructure endpoints are secured via HTTPS.
- Encrypted Communication
DATA BACKUP AND RECOVERY
Aqumulate leverages Azure Backup, a highly available, reliable, world class infrastructure which is backed by high SLAs. All backups create 3 copies of Aqumulate data ensuring that the data is available even if there is a disaster within the Azure site.
Backups are performed every 12 hours. Backup data is encrypted during transmission and when stored in Azure. Only Aqumulate has access to the data.
FINANCIAL INSTITUTION CREDENTIALS
Financial Institution credentials (user name, password, cookies, MFA) are encrypted using a hardware key based encryption with the 3DES encryption algorithm prior to storing in the database on the production network. When connecting to the financial institution for aggregating data, the credentials (user name, password, cookies, MFA) are decrypted using a hardware key based encryption with the 3DES encryption algorithm from the database in the production network.
Credentials are masked on the user interface and securely transmitted through an HTTPS connection to the financial institution’s website.
Aqumulate is partnered with Fiserv - the same company providing information management systems to more than 14,000 financial services companies worldwide - to deliver world-class account aggregation technology without compromising security. Financial account passwords do not reside on Aqumulate servers.
AQUMULATE LOGIN CREDENTIALS AND APPLICATION
Aqumulate passwords are encrypted and securely transmitted in the production network using HTTPS. Aqumulate passwords are never decrypted. Aqumulate User IDs can be searched by our customer support representatives, but no one at Aqumulate can access an Aqumulate password. That is why we cannot restore a password if a registered user forgets it.
Passwords are masked on the Aqumulate user interface – i.e. passwords are not displayed while being entered.
The Aqumulate application is a read-only dashboard over SSL. There is no direct access to financial accounts from Aqumulate, and there is no way to move money or execute a transaction from the Aqumulate application.