When dealing with your personal financial data, we understand how important security and privacy is. At Mosaic, we are committed to keeping your data secure and not selling any personal information. In the spirit of our transparent culture, we want to share some insights into how we are doing this.
Security
How do we connect with your institutions?
Similar to other financial companies like Venmo, American Express, and Betterment, we interface with Plaid (now a Visa company) to get this information.
When your accounts are connected with Mosaic, we only ever get read access to the accounts you select. This means that we can never transfer money nor make any transactions on your behalf. Additionally, Mosaic never gets access to any of your institutions’ passwords.
How do we keep your data secure?
Your data is encrypted in transport and at rest. All information from our servers is sent to the Mosaic app through HTTPS. In short, HTTPS is a secure transport protocol to send data that, even if intercepted, can only be read by the intended recepient with the correct keys (i.e., just you). At rest, when data is sitting in our database, everything is encrypted using the 256-bit Advanced Encryption Standard, the same method (if not better) used by the big banks. Additionally, our database host goes through regular security audits to make sure your data is safe.
Privacy
Financial data is intimate. By using Mosaic, you are trusting us to keep your data private. In addition to never selling or renting your personal information, all your data is anonymized and no one has direct access to it except you.
Compliance
If at any point you decide you want to unlink any institution or delete your Mosaic account, we will immediately remove all corresponding data from our systems. We make it easy for you to:
- request and receive all information Mosaic has about you
- request to have your personal data deleted
- receieve a copy of your personal data
- request to correct or update inaccurate or incomplete information