
Security

Why your investment data is safe with illio
Our founders and management team have all come from large financial corporations where security and privacy are paramount. We have built illio on the same principles, using the latest technology and industry standards, to make sure our service is safe and your information is protected.

How does illio keep my data safe?

  • We use separate systems to process and store your data so that only partial information can be obtained from any one system. All of these providers are global leaders in their fields and provide best-in-class security, including requiring MFA for access. We use AWS Cognito for authentication and Stripe for payment details
  • Your personally identifiable information and investment data are never sold to or shared with any third parties for marketing purposes
  • We need your consent to access your investment data from brokers
  • We run over 200 automated security checks/day via AWS Security Hub
  • We use AWS GuardDuty to provide 24x7 security monitoring of the investment system
  • We use security experts who typically work with Tier 1 payment providers to review our tech infrastructure and perform penetration testing
  • We use AES-256 and TLS 1.2 to ensure your data is encrypted in transit and at rest

Are my investment credentials secure?

  • We only use trusted third-party aggregators to pull in your investment holdings and transactions: Yodlee, Plaid and Vezgo
  • We only connect directly to third parties using secure protocols
  • We do not have access to or store your account credentials; we only retain an authorization token used for system-to-system access
  • We have ‘read only access’. Our application only reads your information and cannot make trades on your behalf

What happens if illio servers are breached?

  • Because of the way we separate personal information from investment information, it would take a breach of multiple systems, each of which requires MFA to access, for your investment data to be useful to anyone
  • In the extremely unlikely event of a breach that could compromise your data, we would inform you as soon as we've identified it
  • Since we do not have access to your brokerage credentials, there would be no way for someone to access your money or make trades from information on our servers in the event of a breach

What happens if I want to close my illio account?

When you delete your account, we delete your investment data as well as your personally identifiable information within 14 days. We do retain the minimal information needed to know that the email address was previously used, in order to avoid sending you unwanted marketing and to help prevent fraud.