Data Protection for Peace of Mind
Keeping your information private and secure is our top priority.
Physical Data Security and Access
Client data, as well as your information, is stored in a Virtual Private Cloud (VPC) hosted with Amazon Web Services. Each datacenter is operated in Tier 3+ guidelines and multiple data centers are combined to form an Availability Zone (AZ). Only US-Domestic AZs are used for hosting the application.
Physical security of the data centers includes:
- 24/7 Security Guards
- Fencing
- Intrusion Detection Technology
Virtual security includes:
- Restricted access and separation of Privilege at multiple layers
- Server login restricted to Moneytree Administrators and Senior Software Engineers
- Database restricted to Moneytree Administrators and Senior Software Engineers
- Separate development/quality testing and production environments for change control
- Redundant web servers and load balancers
- Multiple daily backups with extra-regional replication
- Encryption at rest of data, log files and backups using aes-256 algorithm
- User accounts and passwords are encrypted
User Accounts
- Account lock after repeated failed login attempts
- Session timeout to protect data if left unattended
- Two-factor authentication and password expiration options
- Customizable user account roles and permissions
Website Encryption
- Traffic going to and from Moneytree Advise and Moneytree Plan is encrypted using TLS