Security Practices

    Effective date: May 1, 2024

    Private and safe, just like your bank

    We understand that by using Prosporus, you are trusting us with your data. That’s why we follow the golden rule of data security: treat others’ personal and financial data the way you would want others to treat your personal and financial data. Below, you‘ll find the principles that guide our approach to privacy and security.

    Access

    We believe that you should have access to and control over your data. You can download all your transactional data, including categories and notes, from your Prosporus account.

    Your personal Prosporus financial account data, such as budgets and transactions, is only accessed by the Prosporus team when necessary to provide the Prosporus services, like when you request support for a data issue. We use aggregated and anonymized data for internal analytics and business purposes – you can read our Privacy Policy for more information.

    We employ a number of security measures to help keep your information safe, including 256-bit encryption to protect it at rest and Transport Layer Security (TLS) to protect it in transit. In other words, your data is encrypted while it is being stored and while interacting with our servers. We do not see or store your bank login credentials because we partner with trusted data aggregators, like Plaid and Finicity, to connect to your financial institutions. Prosporus works with third party vendors who adhere to industry security standards. You can read more about Plaid and Finicity’s security policies on their websites.

    Prosporus’s direct OAuth integrations for ID.me meet the same data security requirements. OAuth allows us to directly verify your identity just like with other government platforms. We do not see or store your OAuth login credentials either.

    Retention

    You can delete your Prosporus account at any time from the Settings menu, or by sending a request via in-app chat or to privacy@prosporus.com. If you delete your account, we do not keep any of your linked financial data or Prosporus account data (email address, budgets, etc.), except in the limited circumstances where required by law, to resolve disputes, protect Prosporus and our members, and enforce our agreements. Where Prosporus has no such obligations, the data will be completely removed from all our internal systems, including backups, within 60 days.

    Deleting your Prosporus account and canceling your app subscription are two separate actions, as subscriptions are managed by Apple.

    • You can cancel your app subscription from Settings prior to deleting your account. Go to Prosporus Settings → Subscription → Manage your Subscription and you’ll be taken to the App Store to complete the cancellation.
    • If you forget to cancel your subscription before deleting your account, you can still do so by going to your mobile device’s Settings → Purchases → Subscriptions → Prosporus.

    Infrastructure

    Prosporus’s infrastructure is built on the Google Cloud Platform (GCP), which is used by leading financial companies worldwide. GCP adheres to industry standard security, privacy and compliance controls, including:

    • ISO/IEC 27001, 27017 and 27018
    • SOC 1/2/3
    • PCI DSS
    • CSA STAR

    Please note that these are GCP certifications and that Prosporus is not independently certified at the moment.

    We use Multi-Factor Authentication (MFA) on all internal systems and incorporate MFA support and mobile device management into our company devices.

    We also know that security isn’t a “set it and forget it” sort of thing, which is why we regularly conduct application penetration tests to identify and, as needed, mitigate vulnerabilities or risks in our systems.

    What you do in Prosporus, stays in Prosporus

    Our only focus is on building tools that help you improve your finances. We respect your privacy, so we give you transparency and control over your data and keep it private. We don’t like it when we start seeing online ads for things we recently bought, so we do not sell your personal data to third parties so that they can advertise products to you.

    Transparency above all else

    Our Privacy Policy comprehensively details our data practices, but we understand that legal documents aren’t everyone’s favorite thing to read. That’s why we have this page to provide you with a straightforward summary of how we think about your data.

    We’ll keep this page up-to-date and let you know if anything big changes with our practices. We’re also available if you have any questions or concerns. You can always contact us through in-app chat or at privacy@prosporus.com.