Security

Your Security is Our Priority

Valendry is built from the ground up to protect your financial data. We use industry-leading encryption, certified integrations, and rigorous security practices so you can focus on your finances with confidence.

AES-256 Encryption
SOC 2 Compliant
GDPR & CCPA
Zero Data Selling

Data Encryption

AES-256 + TLS 1.3
  • All data is encrypted at rest using AES-256, the same standard used by banks and government agencies.
  • All network traffic is encrypted in transit with TLS 1.3, the current version of the TLS protocol.
  • Database backups are encrypted and stored in geographically redundant locations.
  • Encryption keys are managed through a dedicated key management service with automatic rotation.

Bank-Grade Integrations

SOC 2 Type II
  • Bank connections powered by Plaid — read-only access. Valendry never sees or stores your bank login credentials.
  • Brokerage connections powered by SnapTrade — OAuth token-based authentication. Your broker credentials stay with your broker.
  • Both Plaid and SnapTrade are SOC 2 Type II certified and undergo regular third-party security audits.
  • Valendry only receives the minimum data needed: balances, transactions, and holdings. No SSN, no full account numbers.

Authentication & Access

bcrypt + 2FA
  • Passwords are hashed with bcrypt using adaptive cost factors — even Valendry cannot read your password.
  • Optional two-factor authentication (2FA) via authenticator app for an additional layer of protection.
  • Session tokens are cryptographically signed, expire automatically, and are invalidated on logout.
  • Rate limiting and brute-force detection on all authentication endpoints.

Infrastructure Security

SOC 2 Compliant
  • Hosted on SOC 2 compliant infrastructure with 24/7 monitoring and incident response.
  • Regular penetration testing and security audits conducted by independent third parties.
  • Automated vulnerability scanning on every code deployment with dependency auditing.
  • Network segmentation, firewalls, and intrusion detection systems protect all production environments.

Data Privacy

GDPR + CCPA
  • Fully compliant with GDPR (EU) and CCPA (California) data protection regulations.
  • Export all your data at any time from Settings — your data belongs to you.
  • Delete your account and all associated data permanently from Settings > Danger Zone.
  • Valendry does not sell, share, or monetize your personal or financial data. Ever.

Regulatory Compliance

PCI DSS + STOCK Act
  • PCI DSS compliance handled through Plaid — Valendry never processes or stores payment card data directly.
  • Capitol Gains politician trade data is sourced exclusively from public STOCK Act filings and government disclosures.
  • All data processing adheres to applicable financial data handling regulations.
  • Regular compliance reviews ensure ongoing adherence to evolving regulatory requirements.

Responsible Disclosure

Found a vulnerability? We appreciate responsible disclosure and take all reports seriously. Please report security issues directly to our security team.

[email protected]

Security Questions?

Have questions about how we protect your data? Our team is happy to provide additional details about our security practices and compliance certifications.
