How We Protect Your Data

Your financial security is our top priority. Here's exactly how we keep your data safe.

The Three Things You Need to Know

Read-Only Access

When you connect your bank through Plaid, TaxRaft can only view your transactions.

  • Cannot move money between accounts
  • Cannot make purchases or payments
  • Cannot change account settings
  • Cannot access your bank login

We Never Sell Your Data

Your financial information is never sold to:

  • Advertisers
  • Data brokers
  • Marketing companies
  • Any third parties

Your data is used only to provide you the TaxRaft service. Period.

Credentials Never Touch Our Servers

When you connect your bank:

  1. You enter credentials directly with Plaid (not TaxRaft)
  2. Plaid authenticates with your bank
  3. Plaid gives TaxRaft a secure token
  4. We use that token to request read-only data

Our Security Infrastructure

Encryption

Data in transitTLS 1.3 (HTTPS)
Data at restAES-256 encryption
PasswordsBcrypt hashing with salt
API communicationsEncrypted tokens

Access Controls

  • Role-based access for employees
  • Principle of least privilege
  • Multi-factor authentication required for all internal systems
  • All access is logged and auditable

Infrastructure

  • Hosted on SOC 2 compliant cloud infrastructure
  • Regular security audits and penetration testing
  • Automated vulnerability scanning
  • 24/7 monitoring for suspicious activity

About Plaid

TaxRaft uses Plaid to connect to your bank. Plaid is the same service used by:

VenmoRobinhoodCoinbaseChimeBetterment

...and thousands of other financial applications.

SOC 2 Type II certifiedUsed by 1 in 4 US adultsTrusted by 12,000+ financial institutions

Frequently Asked Security Questions

Can TaxRaft access my bank login?

No. Your credentials are entered directly with Plaid and never transmitted to TaxRaft.

Can TaxRaft move money from my account?

No. We have read-only access. We cannot initiate any transactions.

What if I want to revoke access?

Disconnect your account in TaxRaft settings, or visit my.plaid.com to manage all Plaid connections.

Is my data encrypted?

Yes. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Who can see my data?

Only authorized TaxRaft employees with a legitimate business need, and all access is logged.

What happens when I delete my account?

All your data is permanently deleted within 30 days.

Your Security Checklist

Help us keep your account secure:

Use a strong, unique password (12+ characters)
Enable two-factor authentication (when available)
Log out on shared devices
Keep your email account secure
Report suspicious activity immediately

Contact Our Security Team

Found a vulnerability? Have a security concern?

security@taxraft.com

We take all security reports seriously and will respond within 24 hours.