When we started Trim, the first data we stored were our own transaction histories. Next came transaction data from our closest friends and family. As you can imagine, we care a lot about keeping these crown jewels safe. We built our security systems so that people we know and love would entrust us with their data. We'll apply exactly the same standards to yours.
We use Plaid to securely connect to more than 20,000 financial institutions across the U.S. During the registration process, you will be asked to enter your online banking credentials. These credentials never touch our servers, nor are they stored by us in any way. Your credentials are sent through Plaid to your bank or credit card provider. Plaid then sends back an encrypted token to us.
This token provides read-only access to your transaction data. We cannot move money or make any changes to your account. You can revoke our read-only access token at any time.
Some banks and credit card providers have additional security measures, such as multi-factor authentication using security codes, challenge questions, or phone confirmation. These measures vary from bank to bank. We are glad that most financial institutions make it both simple and secure for you to access your data.
We use 256-bit SSL encryption for our website and all server-side databases. If you sign up to get notifications via SMS, we will require you to set up two-factor authentication when you register for Trim. We will require you to confirm your identity using 2FA for any sign-in using a new device, or if your security token has expired. For users who sign up using Facebook Messenger, we rely on Facebook's implementation of the OAuth protocol to ensure secure sign-in.
We host our servers securely using Amazon Web Services (AWS), a secure online data storage and hosting service that is used by the Department of Defense, NASA, and the Financial Industry Regulatory Authority (FINRA). Your data on our servers will never be accessed or used by any other party.
We don't sell your data or use it in any way without your permission.
Please contact us at firstname.lastname@example.org if you have any questions.