Privacy and Security in Greenback

Your financial data security is our top priority. This guide explains how Greenback protects your information and what you can do to enhance your security.

How Greenback Protects Your Data

Bank-Level Security

• 256-bit encryption: All data encrypted using industry-standard AES-256
• Transport Layer Security (TLS): All communications use TLS 1.3 or higher
• Secure data centers: Information stored in SOC 2 compliant facilities

Read-Only Access

• No transaction capabilities: Greenback can only view your data, never make transactions
• No fund transfers: Cannot move money between accounts
• No account modifications: Cannot change account settings or preferences

Plaid Security

Greenback uses Plaid for bank connections, which provides:

• Bank-grade security: Same encryption used by major financial institutions
• Token-based authentication: No storage of bank credentials
• PCI DSS compliance: Payment Card Industry Data Security Standard certified

What Data We Collect

Required Information

• Account registration: Email, phone number for verification
• Bank connections: Read-only access to account balances and transactions
• Device information: Used for app functionality and security

Optional Information

• Profile details: Name, profile picture (you control sharing)
• Usage analytics: App usage patterns (can be disabled)
• Crash reports: Technical data to improve app stability

Financial Data

• Account balances: Current and historical balances
• Transaction history: Income, expenses, transfers
• Investment holdings: Portfolio positions and values
• Manual entries: Assets and debts you add manually

How Your Data is Used

Core Functionality

• Financial tracking: Calculate net worth and analyze spending
• Categorization: Organize transactions automatically
• Reporting: Generate financial reports and insights
• Goal tracking: Monitor progress toward financial goals

Service Improvement

• Analytics: Understand how users interact with the app
• Feature development: Guide development of new features
• Performance monitoring: Ensure app reliability and speed

Data Sharing and Third Parties

Who We Share With

• Plaid: For bank connections (read-only, encrypted)
• Cloud providers: Secure data storage (encrypted at rest)
• Analytics services: Usage statistics (no personal financial data)

What We Don’t Share

• Financial data: Never sold or shared with advertisers
• Personal information: Protected under strict privacy policies
• Bank credentials: Never stored or accessible to anyone

Your Privacy Controls

Account Settings

• Profile visibility: Control what information is displayed
• Data sharing: Opt in/out of analytics and marketing
• Third-party connections: Manage which services access your data

Data Export and Deletion

• Data export: Download all your financial data anytime
• Account deletion: Permanently delete your account and all data
• Data portability: Export data in standard formats

Security Best Practices

Strong Authentication

1. Unique password: Use a strong, unique password for your Greenback account
2. Two-factor authentication: Enable 2FA for extra security
3. Biometric login: Use fingerprint or face unlock when available

Device Security

1. Keep app updated: Install security updates promptly
2. Device passcode: Set strong device passcode or biometric lock
3. Auto-lock: Enable auto-lock on your device

Safe Usage Habits

1. Secure networks: Avoid public WiFi for financial activities
2. Regular monitoring: Review account activity regularly
3. Logout on shared devices: Always log out when using shared devices

Recognizing Security Threats

Phishing Attempts

Warning Signs:

• Unsolicited emails asking for login credentials
• Links to fake Greenback websites
• Pressure to act immediately

Protection:

• Never click links in unsolicited emails
• Always go directly to the app or official website
• Contact support if you’re unsure about any communication

Suspicious Activity

What to Watch For:

• Unexpected login notifications
• Unknown devices accessing your account
• Unusual account activity

Response:

• Change password immediately
• Review recent account activity
• Contact support if anything seems wrong

Data Protection Features

Automatic Backups

• Cloud backups: Your data is automatically backed up
• Encrypted storage: All backups are encrypted
• Retention policies: Backups retained according to data policies

Account Recovery

• Secure recovery: Multiple methods to recover account access
• Identity verification: Strong verification for account changes
• Recovery assistance: Support team can help with account recovery

Compliance and Regulations

Privacy Regulations

• GDPR compliance: General Data Protection Regulation for EU users
• CCPA compliance: California Consumer Privacy Act protections
• Data protection: Compliance with applicable privacy laws

Financial Regulations

• Banking regulations: Compliance with financial industry standards
• Data security: SOC 2 Type II certified data handling
• Audit trails: Comprehensive logging of data access

Incident Response

Security Incidents

If you suspect a security issue:

1. Change password: Immediately update your account password
2. Review activity: Check recent login and account activity
3. Contact support: Report suspected security issues
4. Monitor accounts: Watch your bank accounts for suspicious activity

What We Do

• 24/7 monitoring: Continuous security monitoring
• Incident response: Rapid response to security threats
• User notification: Prompt notification if your data is affected
• Regulatory reporting: Required reporting to authorities when applicable

Your Rights and Controls

Data Access Rights

• View your data: See all information associated with your account
• Data correction: Request corrections to inaccurate information
• Data deletion: Request complete account and data deletion
• Data portability: Export your data in machine-readable format

Communication Preferences

• Marketing emails: Opt in/out of promotional communications
• Security alerts: Choose how to receive important notifications
• App notifications: Customize in-app notification preferences

Third-Party Services

Plaid Connection

• Secure tokenization: Bank credentials converted to secure tokens
• No credential storage: Credentials never stored by Plaid or Greenback
• Read-only access: Cannot perform transactions or account changes

Cloud Storage

• Encrypted at rest: All data encrypted before storage
• Access controls: Strict controls on who can access data
• Geographic restrictions: Data stored in approved regions only

Security Tips for Users

Password Management

• Strong passwords: Use at least 12 characters with mixed case, numbers, symbols
• Unique passwords: Different password for each financial account
• Password manager: Consider using a reputable password manager

Device Security

• Operating system updates: Keep iOS/Android updated
• App permissions: Regularly review and limit app permissions
• Antivirus software: Use reputable security software

Network Security

• Secure WiFi: Use WPA3 encryption when available
• VPN for public WiFi: Use VPN when on public networks
• Avoid public computers: Never access financial accounts on shared computers

Advanced Security Features

Login Monitoring

• Login notifications: Alerts for new device logins
• Session management: View and manage active sessions
• Suspicious activity detection: Automatic detection of unusual patterns

Data Encryption

• End-to-end encryption: Data encrypted throughout its lifecycle
• Key management: Secure management of encryption keys
• Regular key rotation: Encryption keys changed regularly

Getting Help with Security

Security Concerns

• Immediate assistance: Contact support for urgent security issues
• Account protection: Support team can help secure compromised accounts
• Incident reporting: Report security incidents for investigation

Support Channels

• In-app support: Settings → Support → Contact Us
• Email: security@greenbackapp.com for security-specific issues
• Response time: Security issues prioritized for quick response

Remember: Your financial security is a partnership between you and Greenback. Following these best practices and staying vigilant helps ensure your data remains safe and protected.