  • Database Security

    Our database has limited points of entry, with firewalls placed on every one. Communications to the database from outside the application are cut off by a Virtual Private Cloud (VPC), so read and write access is exclusive to Datacoup. Backups are run routinely and are stored in an equally fortified server unit. Data in transit from both the app and the database is encrypted, adding a layer of protection against any potential vulnerabilities.

  • Bank Data Security

    Datacoup neither sees nor stores any bank or credit card user login information such as username or password. The communication to the bank is hashed and the access point is tokenized, which means even Datacoup has no way of deciphering a bank username or password. Datacoup never sees or stores account or routing numbers either.

    The connections we establish with banks and credit cards are 100% read-only. This means that in no way can Datacoup, or any hacker who gained access to Datacoup credentials or servers, manipulate a transaction in any of your financial accounts.

    Transaction data exchanged between the bank and Datacoup is passed through layers of encryption and stored in walled-off servers. The communication channel is also supervised under FFIEC guidance. The API provider receives a multi-agency examination with the Office of the Comptroller of the Currency (OCC) as lead examiner.

  • Social Data Security

    Connections established with any of the social network accounts use a protocol called OAuth, which enforces heavy security standards to protect the user from any harm. This procedure prohibits Datacoup from seeing or storing the username and password to any of these accounts. Any access to user data must be authorized by the user before Datacoup can help the user monetize it. Along with regular token expirations, users are able to sever the connection by resetting the token through settings in the respective social network accounts, always giving users the ability to cut the connection when they see fit.

  • App Level Security

    Sessions are stored in the database, while cookies are never used to store sensitive user data. Session and cookie data are destroyed immediately after logging out. This practice, coupled with site-wide SSL coverage, ensures protection against session hijacking and XSS attacks.

    Every app request is checked for a unique token generated by the app to verify that it is an internal request. Cross-Site Request Forgery (CSRF) from outside entities is blocked. User inputs and JavaScript are sanitized before passing data to prevent further XSS attacks.

    We follow strict monitoring and scanning procedures to spot vulnerabilities encountered in the app. If any weakness is discovered, it is immediately patched.

  • Administrative Security

    The staff at Datacoup take security very seriously. We place firewalls and IP blacklists on all of our internal services, including intranet, database connections and server connections.