We use multiple layers of security and industry best practices to keep your data safe and private. Measures we use include:
- Your account password is hashed using the industry-standard BCrypt hashing algorithm, and it is never stored in plain text
- All other sensitive details are encrypted before they are stored
- Our web application communicates securely with our servers using the Transport Layer Security (TLS) protocol, with up-to-date configurations and ciphers
- If you link external accounts to Ethos, we never see or access your linked account credentials. We use trusted third-party integrations to allow you to log in directly to your bank, brokerage and other institutions, without ever storing any credentials with Ethos. Internally we have strict access controls, so no individual at Ethos ever has access to your credentials
- We test our applications and services in a controlled testing environment before they are released into production
- We conduct regular security audits and vulnerability assessments
- We use role-based access controls to identify, authenticate, and authorize individuals to access systems based on their responsibilities
- We disable accounts after defined periods of inactivity and conduct access reviews periodically
- You have the option to enable two-factor authentication to your account.
To report a security vulnerability or issue, please contact us.