Insuring the safety and privacy of your sensitive data is Vyzer's highest priority.
Here are answers to some of the questions we would have to a platform like ours.
If you have more questions, just email us at hello@vyzer.coDoes Vyzer have direct access to my online bank or crypto accounts?
No. Vyzer DOES NOT have your banking or crypto account
credentials.
Vyzer uses third party financial account aggregator
services - Plaid, Yodlee, Salt Edge & Zabo - to connect to your
accounts. Your banking credentials are directly sent to the
respective service from your browser. Vyzer servers will never see
your credentials. Plaid, Yodlee, Salt Edge & Zabo provide a
read-only interface to Vyzer; therefore Vyzer cannot make any
transactions on your behalf.
Plaid, Yodlee, Salt Edge & Zabo adhere to industry leading practices for data security, regulatory compliance, and privacy.
Is my data encrypted?
The data in Vyzer is encrypted at-rest and in-transit. It’s NOT end-to-end encrypted.
When you think of online security the first thing that comes to your mind is encryption. You may have also heard of ‘end-to-end encryption’ as the gold standard for security.
What is end-to-end encryption?
End-to-end encryption makes the data encrypted or unreadable by the very service or the app you used to create it, because the app simply doesn't hold the keys to decrypt it. It’s only readable by the user who holds the key to decrypt it and no one else.
Why isn't my data encrypted end-to-end?
Because it will not allow Vyzer to deliver several fundamental features of the service, e.g, background syncing, ensuring safe transfer of your data to your beneficiary as simple Excel and Zip files and many more. Even though we can’t do end-to-end encryption, your data in Vyzer is indeed encrypted at-rest and in-transit.
What are at-rest and in-transit encryption?
At-rest encryption: All our databases and files storage in Amazon (AWS) servers have their content encrypted while sitting idle and when they’re backed up. This protects against unauthorized copying, transfer or retrieval of user data from our servers. Even if someone was somehow able to get hold of a backup of the database, it’d be useless, because they wouldn’t have the key to decrypt it.
In-transit: Your data when in transit from ours servers to your browser requires HTTPS on all pages, and uses HSTS to ensure browsers only ever connect to us over a secure connection.
What happens if Vyzer servers are breached?
First of all, we don't store any of your banking credentials (See the answer to the question: Does Vyzer have access to my online bank and crypto account?). If Vyzer servers were to be breached, your banking credentials are totally safe.
Secondly, all your data in Vyzer is encrypted at rest on Amazon servers. So, even if someone hacks in and gets hold of a backup of the database, it’d be useless, because they wouldn’t have the key to decrypt it.
Vyzer uses HTTPS on all pages, and HSTS to ensure browsers only ever connect to us over a secure connection. So, someone hacking into your data on transit is less likely.
Why is Two-Factor Authentication (2FA) login mandatory?
Your data will be more secure.
Customer passwords and user IDs are notoriously vulnerable and easy to hack—especially when customers choose easy-to-guess passwords like “123456” and “password.” An additional vulnerability comes when people write down their passwords (in either online or physical files) where thieves and cyberthieves can discover them. 2FA makes data more secure with the use of one-time passwords (OTPs) and physical characteristics (like fingerprints and voice recognition) which are more difficult or impossible to crack.
Can Vyzer employees see my data?
NO. Vyzer employees can't see your data.
Our internal tools mask all personally identifiable information that our operations staff sees. Technically the database administrators have access to the encryption keys, however our employment agreements make it legally binding for any such employee with access to the keys to not decrypt or unmask user data. We also have a strict 2FA factor in place which prevents hacking of such admin accounts.
Use Vyzer Safely.
Just to be on the safer side, you should not store any information in Vyzer that’s highly risky when fallen into the wrong hands. Please don’t store any password, credit card numbers, crypto wallet private keys in Vyzer in order to transfer it to the beneficiary. You should store only enough information or documents that would help you track your wealth and for your legal heir to know and claim your property.
If your data sharing needs requires end-to-end encryption, don’t use Vyzer. We highly recommend you to look at Password Managers like LastPass and 1Password. But they come with their own complexities. E.g. the person who you want to share the information with, should also be savvy enough to be a user of the same Password Manager.
Does Vyzer sell my data?
Vyzer NEVER sells your data.
Vyzer is funded solely by your subscription fee.
In some specific instances when data is shared with 3rd parties (mostly for analytics), Vyzer makes sure they don’t sell it either.
If I delete my data - is it really deleted or can it be restored from backup?
When you delete your account, we delete all your data from our primary database immediately and notify our aggregators to stop connecting your account and delete everything from their end.
We keep rotating backups for 30 days. Your data will be removed from the backup in the next backup purge cycle.
Do we conduct external security audits?
We’re engaging with external security firms to review our application security. We are committing to work with renowned security experts to audit our internal and external security practices on a regular basis.