Security

How does Stack keep your personal information protected?

06 August 2021
How does Stack keep your personal information protected?

At Stack we understand that money is intimate and personal. With security scanning and multi-factor authentication, you can be assured your security is Stack’s top priority.

We believe in the rights of our users to control their private information entrusted to us, and ensure that under no circumstances do we breach that trust.

So how do we keep your info safe?

Here are some important pillars to Stack Finance’s security and credibility:

Bullet-proof infrastructure

Stack’s infrastructure is based on Amazon Web Services (AWS). We have robust and scalable multi-level architecture using the most secure services of AWS. Our infrastructure strictly follows the AWS Well-Architected Framework, making stack most secure, high-performing, resilient, and efficient.

We implement a multi-layered application firewall and comply with strict security guidelines by the Open Web Application Security Project that is trusted by experts all over the world.

Your data is safe with us

The transmission of your data at Stack is encrypted by a bank-grade TLS encryption algorithm, which helps in protecting users' data from Man-in-the-middle and eavesdropping attacks.

At the data storage level, we are conscious of data atomicity, data consistency, data integrity, and durability of the data.

We also invest in your data availability by ensuring that your information is always protected, no matter what happens. Our system updates back-ups twice every day so that your data is never lost.

A secure application

We use measures like multi-factor authentication, designed to help you protect access to your account. Your data is never shared with a third party.

Moreover, all data transfers back and forth needs to pass through our data validation layer to protect the application from the malicious code injections.

Stack also does not call users for OTPs and PINs generated by you and advise our users to report such incidents.

Rigorous security testings

Our internal team as well as external stakeholders support us in undertaking periodic security and vulnerability testing/ assessments, utilising standardised products for both manual and automated testing.

We have also engaged CERT-IN certified auditors for performing external testing and audits at regular intervals.

We comply with all security protocol

We are compliant to the “Data Localisation” requirements as per the guidelines of the Reserve Bank of India (RBI).

In addition, Stack may require some of your data to help serve you the best investing experience possible. But what exactly do we do with this info, you might ask-

SMS, Location, Contact and Whatsapp Info

  1. SMS - By giving us access to your Transactional SMSs, you can easily set up automatic payments such that every time you spend a certain amount you can also choose to invest some too! We ONLY and only access your Transactional SMSs NOT your personal ones.
  2. Location - By giving us access to your location services we are able to autofill your address in pesky forms (they’re annoying, trust us we know😓). We also check if Stack is serviceable in your area through your location.
  3. Contact - By giving us access to your contact info we are able to detect how many of your contacts are already on Stack! This way, you can get started on creating Shared Stacks with them, and invest together towards a common goal. Accessing your contacts also helps you send personalised messages to invite your friends over to Stack, and win some Stack Coins while you’re at it!👍🏻
  4. WhatsApp - Whatsapp is just because we REALLY like you ❤️ By enabling whatsapp notifications you can stay in the loop with what's up at Stack HQ, exclusive info about new features and periodic notifications telling you how your investments grew!

Investing with Stack is protected, secure and we promise to never compromise your data. So rest assured and start Stacking!

Read more about our security policy