Advizr

Privacy & Security

Your data is secure with Advizr

We understand that the privacy and security of your data is vital, so we are committed to providing a highly secure and reliable environment you can trust.

Data Security

Advizr uses bank-level security and implements and abides by the highest standards across the industry. We conduct a third party security audit (SOC 2) that attests to key compliance controls and objectives

Data Privacy and Security FAQs

 

Data & Network Security

Is Advizr data encrypted?
All data is encrypted in transit (via 256-bit SSL/TLS encryption) and at rest using AES-256 bit encryption, providing end to end security and protection. Advizr implements strict access controls and policies to enforce privacy.

 

Where is Advizr data/infrastructure hosted?

Hosted on Amazon Web Services (AWS), we rely on Amazon’s world-class platform as a service to run in a secure, scalable and dependable environment.

How is Advizr’s network protected?

Advizr utilizes Amazon Virtual Private Cloud (VPC), a logically isolated section of AWS, to provide advanced security and protection. The application servers and databases reside in private subnets. Firewalls and fined-grained network access control lists enable inbound and outbound filtering at the instance level and subnet level.

 

Advizr utilizes advanced intrusion detection and prevention software, as well as real-time network traffic analysis with machine learning algorithms for anomaly detection.  By practicing the principle of least privilege, Advizr’s network is designed to protect against any unauthorized traffic and exposure to the Internet.

 

Does Advizr ever “go down”?

Outage History – Advizr has not experienced any unexpected outages. Any outages that did occur were minor and had little to no disruption of service to our customers. Over the last few years, Advizr’s uptime exceeds 99%.

 

What measures does Advizr take to insure security and safety?

Advizr uses bank-level security and implements and abides by the highest standards across the industry. We conduct a third party security audit (SOC 2) that attests to key compliance controls and objectives, achieving commitments in:

  • Integrity and Ethical Values
  • Commitment to Competence
  • Management’s Philosophy and Operating Style
  • Organizational Structure and Assignment of Authority / Responsibility
  • Human Resources Policies / Practices
  • Risk Assessment Process
  • Information and Communication
  • Monitoring Controls
  • Trust Services (complete information protection)

 

Does Advizr have a comprehensive security program?

Yes. Advizr implements an extensive security framework based on NIST and ISO27002 guidelines.

 

Does Advizr have a SOC 2 Report?

Yes.  Advizr completes an annual SOC 2 audit, testing our security controls.  The report is available upon request.

 

Does Advizr conduct third party penetration tests and/or vulnerability scans?

Yes.  Advizr completes an annual third party penetration test by certified experts.  The report is available upon request.

 

What other measures does Advizr take to insure security?

  • Strict access controls for production environments & data with logging of all access, which requires multi-factor authentication and access keys that are regularly regenerated.
  • Detailed audits of all user access & activity within the application
  • Point-in-time data recovery

 

What controls are in place to protect PII (personally identifiable information)?  How is data encrypted in transit and at rest?  How is data masked / obfuscated in testing environments?

Advizr utilizes a cybersecurity framework based on NIST. Data is encrypted in transit and at rest (AES-256).  Data is not migrated between environments.

 

Advizr collects and stores the following client information:

  • Full Name
  • Email (optional)
  • Age (not DOB)
  • Balances of bank accounts
  • Asset value of brokerage and retirement accounts
  • Names of dependents
  • Ages of dependents (No DOBs)

 

Advizr does not collect nor store any of the following:

  • Address or phone numbers
  • Bank account numbers
  • Social security numbers
  • Credit card numbers

 

Is your third party account aggregator safe?

Advizr partners with Quovo.  Advizr does not store or maintain account login credentials, those are passed along to Quovo.  Review Quovo’s Infosec: https://www.quovo.com/infosec/

Legal Terms

Read our legal Terms & Conditions