22 Reasons BrightPlan is a Secure Way to Track Your Finances

At BrightPlan, we understand that trust is key to any great relationship. It’s vitally important to us that our clients feel like they can trust not only our financial advice but also the systems we use to provide and store it. That’s why we go the extra mile to secure your data and protect your privacy – especially when it comes to your linked financial accounts.

There are many concerns you may have when it comes to security. We get asked about account linking and security almost daily, and we’re happy we do! Account security is incredibly important, and we love to see that it’s top-of-mind for clients.

Since it’s such a hot topic, we decided to put answers to these questions in one place. So here it is, the much-anticipated 22 Reasons BrightPlan is a Secure Way to Track Your Finances:

How we earn your trust

1. We act as a fiduciary. BrightPlan is the first digital advisor to be certified by the Centre for Fiduciary Excellence (CEFEX). CEFEX Certification means we’ve been independently certified to uphold the highest standards to act in clients’ best interests. We volunteer for an annual CEFEX audit that covers things like:

  • Handling personally identifiable information
  • Avoiding conflicts of interest
  • Selecting and monitoring investments
  • Communicating investment objectives to clients
  • Data protection and cybersecurity
  • Controlling and accounting for investment expenses
  • Trading client accounts

2. We regularly receive security reviews from employers. As we work with companies who choose BrightPlan to offer financial wellness, we regularly receive rigorous security reviews from employers before ever launching this new employee benefit.

How we protect your data

3. BrightPlan is built and hosted on Salesforce.com. Our clients benefit from all their industry-leading security measures, including secure data centers, strict employee access controls, and disaster recovery architecture.

4. BrightPlan encrypts all client data at rest. Sensitive client data (PII) is encrypted using AES-256.

5. BrightPlan encrypts all data flowing through its systems in transit with TLS 1.2 or higher.

6. We do not sell or trade information about current or former clients to third parties.

7. Authorized BrightPlan personnel require strong passwords and multi-factor authentication to access any of our systems storing client data.

8. All BrightPlan employees go through annual security and compliance training.

9. We enforce strict password protocols. To set or reset a password, a client must verify ownership of their email account. The BrightPlan application enforces strong passwords and requires an update periodically.

10. The BrightPlan application enforces automatic inactivity timeouts. Clients are automatically signed out from the desktop and mobile application when extended periods of inactivity are detected.

How we protect your privacy

11. BrightPlan enforces strict access controls. Access to client information is limited to what is required for a BrightPlan employee to perform his/her job. We are in compliance with SEC-required controls for who has access to data.

12. We only use your personal information to provide you services and support. We may only use your personal information where we believe it is necessary or appropriate.

13. We only disclose your personal information when absolutely necessary. We may disclose your personal information where we believe it is necessary or appropriate to:

  • Effect, administer, or enforce a transaction that you request or authorize
  • Process or service a financial product or service that you request or authorize
  • Maintain or service your account with us or with another entity
  • Investigate or prevent any actual or potential fraud or other criminal activity
  • Comply with law or legal process
  • If you are receiving a discount for employment with and/or membership in an organization, to verify your continued affiliation with that organization

14. We’ve been vetted by leading companies in the industry. Prior to launching Financial Wellness at a company, it’s standard for us to undergo an extensive security review. Security reviews are a constant reminder that, to win the trust of customers, security must be our priority. Technology leaders at Fortune 500 enterprises have vetted our security procedures and trusted us to handle employee data securely.

15. We keep the client/advisor relationship between the client and the advisor. BrightPlan will never share your financial details with your employer.

How we protect linked accounts

16. We partner with Envestnet | Yodlee to keep your financial accounts safe. Envestnet | Yodlee maintains bank-level security and is audited like a bank. All stored account credentials are hardware-encrypted using a FIPS 140-2 Level 2 HSM, and the keys used for encryption cannot be accessed by anyone, including BrightPlan or Yodlee employees.

17. We do not store or save linked account credentials. Once login credentials are entered, Yodlee validates the credentials and then creates a secure, read-only link to that account. Depending on the institution being linked, the connection may expire at times and need to be renewed.

18. BrightPlan has read-only access to your linked accounts. This is limited to creating a data feed to read account balances and transaction data. We do not have the ability to make any change or to initiate any transactions in your linked financial accounts.

19. We do not have access to move money in linked accounts. BrightPlan cannot pay bills or move money into, out of, or between linked accounts. You still need to sign in directly at your financial institution to move money.

20. We do not manage investments in linked accounts. To allow BrightPlan to manage investments, or to automate investing towards goals, open a BrightPlan Investment Account with the BrightPlan application.

21. We do not store full account numbers. BrightPlan only retrieves the last 4 digits of your linked accounts/credit cards so you can easily identify your accounts. Not storing full account or credit card numbers keeps your account details more secure.

22. We are in compliance with your bank’s security standards. If you follow your bank’s recommended security practices, then your account is secured by your bank itself. We work with your bank’s security measures, and we’ll never ask you to lower your bank account security to link accounts.
