Financial Data Security & Privacy
Keeping your personal and financial data safe is our first priority.
Trust in a financial management platform that goes beyond bank-level security.
We’re obsessed with keeping your data safe, so we created a robust security architecture from day one, using privacy-by-design principles. Our advanced security and privacy framework features several layers of data protection.
Server and Database Security
Onist uses a combination of security best practices, including firewalls, server hardening, application controls, and the creation of an elaborate set of keys, passwords, and access roles to ensure that your information is only accessible to the people you intend to share it with. Additionally, Onist is a read-only platform and does not have access to or store your financial account credentials.
All data within the Onist platform is encrypted while at rest and in transit using sophisticated encryption algorithms, including a 2048-bit Extended Validation SSL certificate and 256-bit encryption. User data is encrypted at rest using the AES-256 algorithm.
Onist goes above and beyond the security practices of most financial institutions by anonymizing your data. Onist separates personal data (the data that can identify you) from your financial data and stores each separately; the latter is kept in fully pseudonymized and encrypted form in a separate sub-system that has dedicated servers, databases and access keys.
Onist ensures that your data is inaccessible and illegible to hackers, our hosting partners and even our own employees.
Finally, you control your data.
Data Privacy & Ownership
Onist shares your data with no one. It will never be part of our business model to share or sell our users’ data. Our privacy architecture is based on privacy-by-design principles, a framework that was developed by a joint international committee to ensure greater privacy and consumer control over your own data.
This means that you, and only you, own and control your financial data completely. You can delete your data at any time.
PARTNERS & CERTIFICATIONS
Onist works with global leaders in data security to ensure that your information is always safe.
DigiCert’s Extended Validation (EV) SSL certificates use the highest level of authentication and identity assurance. They use the most secure encryption available and support SHA-2 algorithms. With 2048-bit encryption used in root certificates, DigiCert’s hybrid cryptosystem benefits from the best features of both symmetric and asymmetric encryption.
TRUSTe has verified Onist’s privacy practices against TRUSTe Privacy Standards using a combination of best-practice technical and manual methodologies.
Yodlee provides seamless, secure integration of user accounts from over 15,000 international financial institutions.
Yodlee is by far the most widely used data aggregation platform in the industry today, with over 600 companies as clients — including Bank of America, Citigroup, HSBC, PayPal and Amazon.com — and trusted by over 20 million end customers worldwide.
The Amazon Web Services data center and network architecture is built to meet the requirements of the most security-sensitive organizations and is trusted by leading global financial institutions including NASDAQ, Capital One, Pacific Life and National Bank, to name a few.
KPMG is a global network of independent member firms offering audit, tax and advisory services. KPMG cyber security professionals worked with Onist to identify, assess and remediate any security vulnerabilities within the IT system.