Trust & Compliance Center


Overview


At SavvyMoney, safeguarding your data is more than a commitment - it's an integral part of our DNA. We consider it our prime responsibility to uphold unrivaled confidentiality, privacy, and security standards to shield your data.

Explore further by selecting any topic card, or enhance your access to comprehensive knowledge base responses and downloadable documentation by setting up an account.

Compliance

CCPA
CSA STAR
TRUSTe
CSA Trusted Cloud Provider

SavvyMoney is reviewed and trusted by

TransUnion
Amazon

Documents

Data Security Practices
Data Security Practice
Pentest Report
SOC 2 Report
CSA STAR
TRUSTe
CAIQ
Product System Architecture
Certificate of Insurance
Subprocessors
Business Continuity Policy
Information Security Policy
Certificate of Good Standing - Delaware
Letter of Financial Standing
W-9 Form

Risk Profile

Data Access Level: Restricted
Impact Level: Severe
Recovery Time Objective: 12 hours

Product Security

Audit Logging
Data Security
Integrations

Reports

Data Security Practice
Pentest Report
SOC 2 Report

Self-Assessments

CAIQ

Data Security

Access Monitoring
Backups Enabled
Data Erasure

App Security

Responsible Disclosure
Bot Detection
Code Analysis

Data Privacy

Cookies
Data Breach Notifications
Data Into System

Access Control

Data Access
Logging
Password Security

Infrastructure

Status Monitoring
Amazon Web Services
Anti-DDoS

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response

Network Security

Data Loss Prevention
DNSSEC
Firewall

Corporate Security

Asset Management Practices
Email Protection
Employee Training

Policies

Business Continuity Policy
Information Security Policy

Security Grades

Qualys SSL Labs
SavvyMoney Platform
A+

Trust Center Updates

Successful Completion of March-September SOC 2 Type II Audit

Compliance

We are pleased to announce that our organization has completed the SOC 2 Type II audit from March to September. This achievement demonstrates our ongoing commitment to maintaining high standards of security, availability, processing integrity, and confidentiality of our systems and services. Please log in to download the latest report.


HTTP/2 Rapid Reset Vulnerability - CVE-2023-44487

Vulnerabilities

We have proactively addressed the HTTP/2 Rapid Reset Attack vulnerability. Last night, on October 11th, we adjusted our Nginx thresholds to minimize the potential for such attacks. We are also in close communication with Nginx, awaiting further patches to bolster our server's defenses even more.

To address concerns regarding potential exploitation: We have not detected any exploitation of this vulnerability in our environment at this time.

For our clients' peace of mind:

  • Our API and widget services are safeguarded against this vulnerability thanks to AWS WAF's automatic mitigation.
  • Our educational platform remains secure, as Cloudflare automatically protects it from such vulnerabilities.

Your security is our top priority, and we continue to take every necessary step to ensure the safety and reliability of our services.


SavvyMoney SSL Cipher Update

General

Update 09/11/2023

SavvyMoney has chosen to continue support for the ECDHE_RSA_WITH_AES_256_CBC_SHA384 cipher suite, which is frequently utilized by the legacy Windows Server 2012. Please be advised that Microsoft's Extended Support for Windows Server 2012 and its R2 variant is set to conclude on October 10th, 2023.

For our partners' convenience and preparation, SavvyMoney will maintain support for ECDHE_RSA_WITH_AES_256_CBC_SHA384 only up to December 31st, 2023. We urge our partners to use this time to facilitate necessary upgrades.

SavvyMoney Security Team


Dear Valued Partner,

We're excited to inform you of essential security upgrades that we have undertaken to enhance the protection of your data.

Enhanced Security Measures: In our commitment to provide exceptional security and align with industry standards, we have integrated new security ciphers in line with SOC2 and the latest PCI 4.0 compliance. These ciphers represent the cutting-edge in data protection, ensuring your data's encryption, integrity, and overall security are of the highest caliber.

Transition Details: The older ciphers, once pivotal for safeguarding your transactions and data, will now be phased out. Our systems will solely rely on the updated security ciphers, guaranteeing your information's utmost confidentiality, integrity, and authenticity.

Reason for the Change: Our decision to embrace the new security ciphers stems from our unwavering pledge to ensure the pinnacle of security for your sensitive data. Adhering to SOC2 and PCI 4.0 standards means we consistently assess and refine our security measures in response to the ever-evolving landscape of threats.

Your Next Steps: Should your organization possess specific security configurations that this transition might impact, we urge you to revisit your security guidelines to confirm compatibility with our newly supported ciphers. Our dedicated support team stands ready to guide and assist you with any queries or concerns.

Our Newly Supported Ciphers:

  • ECDHE-ARIA128-GCM-SHA256
  • ECDHE-ARIA256-GCM-SHA384
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-ARIA128-GCM-SHA256
  • ECDHE-ECDSA-ARIA256-GCM-SHA384
  • ECDHE-ECDSA-CHACHA20-POLY1305
  • ECDHE-PSK-CHACHA20-POLY1305
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-CHACHA20-POLY1305

For further assistance or to obtain more details, you can reach our security team at security@savvymoney.com. We hold your partnership in high esteem and are here to back you every step of the journey.

Warm regards,

SavvyMoney Security Team


Cloud Security Alliance CAIQ & Certificate of Insurance

Compliance

Exciting updates!

1. The Cloud Security Alliance CAIQ (Consensus Assessments Initiative Questionnaire) is now available for download. This questionnaire is a valuable tool for assessing the security of cloud providers.

2. We've also posted our most recent Certificate of Insurance for your reference.


SavvyMoney Security Team - PGP Key

General

If you would like to send security@savvymoney.com an encrypted, signed message, our public PGP key is below.



CVE-2023-20593 - Zenbleed

Vulnerabilities

SavvyMoney and AWS are aware of CVE-2023-20593, otherwise known as "Zenbleed," and can confirm this issue affected AMD "Zen 2", also known as "Rome," CPUs that power the C5a, C5ad, G4ad, and G5 instance families. Because of the design of the EC2 Nitro hypervisor, there is no risk of cross-instance data access. The updated microcode from AMD has been applied to all C5a, C5ad, G4ad, and G5 instances. SavvyMoney has already confirmed all remediations by AWS for any instances using the Zen 2 architecture.


SavvyMoney Unaffected by MoveIT Vulnerability: Joint CISA and FBI Advisory

General

SavvyMoney wants to assure our valued customers that our systems remain unaffected by the MoveIT vulnerability. In light of recent concerns, we understand the importance of addressing potential security risks promptly.

Rest assured, SavvyMoney has taken proactive measures to ensure the security and privacy of our clients' information. We do not utilize MoveIT within our infrastructure. Our robust security measures, including firewalls, encryption protocols, and regular security audits, help protect against potential threats.

That's why we want to highlight the joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), which provides valuable insights into the MoveIT vulnerability. You can find the joint advisory on CISA's website. We encourage you to review the advisory to stay informed about the risks associated with the vulnerability.

We remain committed to maintaining a secure environment for our customers' data and will continue to invest in the necessary resources to uphold the highest security standards.

Don't hesitate to contact our dedicated customer support team for any questions or concerns. We value your trust in SavvyMoney and are here to provide you with a secure and reliable financial experience.
