Wealthie Application Security Report
This security report provides financial advisers with a comprehensive overview of the security measures implemented in the Wealthie financial modelling application. As professionals who handle sensitive client financial information, it is essential that you understand how Wealthie protects your clients' data and ensures the confidentiality, integrity, and availability of all financial information stored within the platform.
Wealthie employs enterprise-grade security measures that meet or exceed industry standards for financial services applications. The platform implements multiple layers of security controls, from user authentication and data encryption to network security and continuous monitoring. These comprehensive security measures are designed to protect against data breaches, unauthorised access, and other security threats that could compromise sensitive financial information.
1. User Authentication and Access Control
How User Authentication Works
When you log into Wealthie, the system employs multiple verification steps to ensure that only authorised users can access the platform. The authentication process begins with your email address and password, but extends far beyond this basic check to provide comprehensive security.
The platform uses industry-standard authentication protocols that verify your identity through multiple factors. This multi-layered approach ensures that even if one security measure is compromised, additional protections remain in place to prevent unauthorised access to your clients' financial information.
Password Security Requirements
Wealthie enforces strong password policies to ensure that user accounts remain secure. All passwords must meet specific complexity requirements that make them resistant to common attack methods such as brute force attacks and dictionary attacks.
- Minimum Length: Passwords must be at least 8 characters long
- Character Complexity: Must include uppercase letters, lowercase letters, numbers, and special characters
- Password History: System prevents reuse of the last 8 passwords
- Account Lockout: Accounts are temporarily locked after 5 failed login attempts
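The four rules above map directly onto a small policy check. The following is an added illustration, not Wealthie's own code: it enforces the stated values (8-character minimum, four character classes, no reuse of the last 8 passwords, lockout after 5 failures) against a salted PBKDF2 hash, so that only hashes are ever kept. The lockout duration, the PBKDF2 work factor and all function and field names are assumptions; the report does not give them.

```python
import hashlib
import hmac
import os
import re
import time
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Values stated in the report.
MIN_LENGTH = 8
PASSWORD_HISTORY = 8        # the last 8 passwords may not be reused
MAX_FAILED_ATTEMPTS = 5     # lock the account after 5 consecutive failures
# The report says the lock is temporary but gives no duration; 15 minutes is an assumption.
LOCKOUT_SECONDS = 15 * 60
PBKDF2_ITERATIONS = 100_000  # assumed work factor for the stored hash

COMPLEXITY_RULES = {
    "uppercase letter": re.compile(r"[A-Z]"),
    "lowercase letter": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special character": re.compile(r"[^A-Za-z0-9]"),
}


def check_complexity(password: str) -> List[str]:
    """Return the policy requirements the candidate fails; an empty list means it is accepted."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"at least {MIN_LENGTH} characters")
    for requirement, pattern in COMPLEXITY_RULES.items():
        if not pattern.search(password):
            failures.append(requirement)
    return failures


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256. Only (salt, digest) is stored; the password itself never is."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


@dataclass
class Account:
    # (salt, digest) pairs, oldest first; the last entry is the current password.
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)
    failed_attempts: int = 0
    locked_until: float = 0.0   # epoch seconds; 0.0 means not locked


def set_password(acct: Account, new_password: str) -> None:
    """Apply the complexity and history rules, then store the new hash."""
    failures = check_complexity(new_password)
    if failures:
        raise ValueError("password rejected, missing: " + ", ".join(failures))
    if any(verify_password(new_password, s, d) for s, d in acct.history):
        raise ValueError(f"password rejected: matches one of the last {PASSWORD_HISTORY} passwords")
    acct.history.append(hash_password(new_password))
    del acct.history[:-PASSWORD_HISTORY]   # keep only the most recent PASSWORD_HISTORY hashes


def create_account(password: str) -> Account:
    acct = Account()
    set_password(acct, password)
    return acct


def attempt_login(acct: Account, password: str, now: Optional[float] = None) -> bool:
    """Return True on success. Counts failures and applies the temporary lockout."""
    now = time.time() if now is None else now
    if now < acct.locked_until:
        return False                       # still locked, even if the password is right
    salt, digest = acct.history[-1]
    if verify_password(password, salt, digest):
        acct.failed_attempts = 0
        return True
    acct.failed_attempts += 1
    if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
        acct.locked_until = now + LOCKOUT_SECONDS
        acct.failed_attempts = 0           # counter restarts once the lock expires
    return False
```

The `now` parameter exists so the lockout can be exercised deterministically; in production it defaults to the wall clock. Note that a correct password is rejected while the lock is active, which is what makes the lockout effective against online guessing.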
Session Management
Once authenticated, Wealthie manages your session using secure tokens that expire automatically to prevent unauthorised access if you forget to log out. Sessions are configured with appropriate timeouts to balance security with usability.
- Automatic Timeout: Sessions expire after 60 minutes of inactivity
- Secure Tokens: Session tokens are cryptographically secure and cannot be predicted
- Token Rotation: Session tokens are regularly rotated to minimise exposure risk
- Concurrent Session Limits: Users can only maintain a limited number of active sessions
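As an added example of how the four session properties fit together (this is illustrative code, not Wealthie's implementation), the store below issues tokens from the operating system's CSPRNG, expires them after the stated 60 minutes of inactivity, rotates them on a schedule and caps the number of live sessions per user. The 60-minute timeout is from the report; the rotation interval, the per-user limit of 3 and the class and method names are assumptions.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

INACTIVITY_TIMEOUT = 60 * 60    # stated in the report: 60 minutes of inactivity
ROTATE_AFTER = 15 * 60          # assumed: issue a fresh token every 15 minutes of use
MAX_SESSIONS_PER_USER = 3       # assumed value for the report's "limited number"


@dataclass
class Session:
    user: str
    issued_at: float    # when this token was minted (drives rotation)
    last_seen: float    # last request that used it (drives the inactivity timeout)


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    @staticmethod
    def _new_token() -> str:
        # 32 random bytes from the OS CSPRNG: unpredictable, unlike a counter or a timestamp.
        return secrets.token_urlsafe(32)

    def login(self, user: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        # Enforce the concurrent-session limit by evicting the user's least recently used sessions.
        live = sorted((s.last_seen, tok) for tok, s in self._sessions.items() if s.user == user)
        while len(live) >= MAX_SESSIONS_PER_USER:
            _, oldest = live.pop(0)
            del self._sessions[oldest]
        token = self._new_token()
        self._sessions[token] = Session(user, now, now)
        return token

    def validate(self, token: str, now: Optional[float] = None) -> Tuple[Optional[str], Optional[str]]:
        """Return (user, token_to_use_next); (None, None) if the token is unknown or expired.

        The returned token differs from the presented one when a rotation has happened;
        the old token is revoked at that moment, so a copy taken earlier stops working."""
        now = time.time() if now is None else now
        sess = self._sessions.get(token)
        if sess is None:
            return None, None
        if now - sess.last_seen > INACTIVITY_TIMEOUT:
            del self._sessions[token]          # idle too long: treat as logged out
            return None, None
        sess.last_seen = now
        if now - sess.issued_at >= ROTATE_AFTER:
            fresh = self._new_token()
            self._sessions[fresh] = Session(sess.user, now, now)
            del self._sessions[token]
            return sess.user, fresh
        return sess.user, token

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)

    def active_sessions(self, user: str) -> int:
        return sum(1 for s in self._sessions.values() if s.user == user)
```

The caller is expected to set the token returned by `validate` back into the client's cookie on every response; that is what makes rotation transparent to the user while shortening the life of any single token value.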
2. Data Encryption and Protection
Encryption in Transit
All data transmitted between your browser and Wealthie's servers is protected using Transport Layer Security (TLS) encryption. This ensures that any financial information you enter or view cannot be intercepted by unauthorised parties during transmission.
- TLS 1.3 Protocol: Uses the latest encryption standards
- Perfect Forward Secrecy: Each session uses unique encryption keys
- Certificate Validation: SSL certificates are regularly updated and validated
- HSTS Headers: Forces secure connections and prevents downgrade attacks
Encryption at Rest
All client financial data stored in Wealthie's databases is encrypted using advanced encryption standards. This means that even if someone gained unauthorised access to the physical storage systems, they would not be able to read the encrypted financial information.
- AES-256 Encryption: Industry-standard encryption for stored data
- Key Management: Encryption keys are securely managed and regularly rotated
- Database Encryption: All database files are encrypted at the file system level
- Backup Encryption: All backup files are encrypted using the same standards
3. Infrastructure Security
Cloud Security Architecture
Wealthie is hosted on enterprise-grade cloud infrastructure that provides multiple layers of security controls. The platform leverages the security capabilities of leading cloud providers while implementing additional application-level security measures.
- SOC 2 Compliant Infrastructure: Hosted on platforms with verified security controls
- Network Isolation: Application components are isolated using virtual private networks
- DDoS Protection: Advanced protection against distributed denial of service attacks
Network Security
The platform implements comprehensive network security controls to protect against unauthorised access and network-based attacks. These controls monitor and filter all network traffic to ensure only legitimate communications reach the application.
- Firewall Protection: Multi-layer firewall systems filter all network traffic
- Intrusion Detection: Automated systems monitor for suspicious network activity
- VPN Access: Administrative access requires secure VPN connections
- Network Segmentation: Different system components are isolated on separate network segments
4. Application Security
Secure Development Practices
Wealthie is developed using secure coding practices that prevent common security vulnerabilities. The development team follows established security guidelines and conducts regular security reviews of all code changes.
- Code Reviews: All code and system changes undergo security-focused review before being pushed to production
- Dependency Management: Third-party libraries are regularly updated and scanned for vulnerabilities
- Security Testing: Regular penetration testing and vulnerability assessments
Input Validation and Sanitisation
The application implements comprehensive input validation to prevent injection attacks and other input-based security vulnerabilities. All user input is validated and sanitised before processing.
- SQL Injection Prevention: Parameterised queries prevent database injection attacks
- Cross-Site Scripting (XSS) Protection: Input sanitisation prevents script injection
- CSRF Protection: Tokens prevent cross-site request forgery attacks
- File Upload Security: Uploaded files are scanned and validated for security threats
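To make the first three bullets concrete, here is an added example (illustrative code, not taken from Wealthie) that shows a concatenated query beside its parameterised form against a constructed in-memory table, HTML output encoding for names rendered into a page, and a constant-time CSRF token comparison. The table, the sample rows and the function names are all constructed for this illustration.

```python
import html
import secrets
import sqlite3
from typing import List


def build_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows; none of this is real client data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE clients (id INTEGER PRIMARY KEY, adviser TEXT, name TEXT, balance REAL)"
    )
    conn.executemany(
        "INSERT INTO clients (adviser, name, balance) VALUES (?, ?, ?)",
        [
            ("alice", "Client One", 120000.0),
            ("alice", "Client Two", 55000.0),
            ("bob", "Client Three", 980000.0),
        ],
    )
    return conn


def clients_for_adviser_unsafe(conn: sqlite3.Connection, adviser: str) -> List[str]:
    # BEFORE: the adviser value is spliced into the SQL text, so a quote character in
    # the input changes the meaning of the statement and can cross adviser boundaries.
    sql = f"SELECT name FROM clients WHERE adviser = '{adviser}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def clients_for_adviser(conn: sqlite3.Connection, adviser: str) -> List[str]:
    # AFTER: the value is bound as a parameter; the database only ever compares it as data.
    rows = conn.execute("SELECT name FROM clients WHERE adviser = ? ORDER BY id", (adviser,))
    return [row[0] for row in rows]


def render_client_cell(name: str) -> str:
    # Output encoding for the HTML context: <, >, &, " and ' become entities, so stored
    # text is displayed verbatim and can never be interpreted as markup or script.
    return f"<td>{html.escape(name, quote=True)}</td>"


def new_csrf_token() -> str:
    # Per-session random token to be embedded in forms and checked on every state change.
    return secrets.token_urlsafe(32)


def csrf_token_valid(expected: str, submitted: str) -> bool:
    # compare_digest avoids leaking how many leading characters matched.
    return bool(submitted) and secrets.compare_digest(expected, submitted)
```

The difference between the two query functions is only visible on unusual input: for an ordinary adviser id both return the same rows, but a value containing a quote character is executed as SQL by the first and merely compared as a string by the second, which is why the report's "parameterised queries" bullet is the control that matters.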
5. Data Privacy and Compliance
Privacy by Design
Wealthie is designed to comply with major data privacy regulations including the General Data Protection Regulation (GDPR) and the New Zealand Privacy Act. These regulations establish strict requirements for how personal and financial data must be handled, and Wealthie's design incorporates these requirements from the ground up.
The platform follows data minimisation principles, which means that only the information necessary for providing financial advisory services is collected and stored. This approach reduces privacy risks and ensures that client data is not unnecessarily exposed or retained beyond what is required for legitimate business purposes.
Data Retention and Deletion
Wealthie implements appropriate data retention policies that ensure client information is retained only as long as necessary for business and regulatory purposes. When data is no longer needed, it is securely deleted using methods that prevent recovery.
- Secure Deletion: Data is permanently deleted using cryptographic erasure methods
- Right to Deletion: Clients can request deletion of their personal information
- Data Portability: Clients can request export of their data in standard formats
6. Monitoring and Incident Response
Continuous Security Monitoring
Wealthie employs comprehensive monitoring systems that continuously watch for security threats and suspicious activities. These systems provide real-time alerts when potential security issues are detected, enabling rapid response to protect client data.
- Log Analysis: All system activities are logged and analysed for security events
- Anomaly Detection: Machine learning systems identify unusual patterns that may indicate threats
- Real-time Alerts: Security teams receive immediate notifications of potential issues
- Forensic Capabilities: Detailed logs enable investigation of security incidents
Incident Response Procedures
In the unlikely event of a security incident, Wealthie has established procedures to quickly contain the threat, assess the impact, and restore normal operations. These procedures are regularly tested and updated to ensure effectiveness.
- Escalation Procedures: Clear processes for escalating different types of incidents
- Communication Plans: Procedures for notifying affected users and regulatory authorities
- Recovery Procedures: Tested methods for restoring systems and data after incidents
7. Regular Security Assessments
Vulnerability Management
The platform implements a comprehensive vulnerability management program that includes regular scanning, assessment, and remediation of security vulnerabilities. This proactive approach ensures that security issues are identified and addressed quickly.
Conclusion
The security measures that Wealthie has implemented are designed to protect the sensitive financial information that financial advisers handle daily. The platform's multi-layered security approach, enterprise-grade infrastructure, and continuous monitoring provide robust protection against various types of threats.
Financial advisers can confidently use Wealthie to store and manage their clients' most sensitive information, knowing that the platform employs the same level of security used by major financial institutions. The combination of strong authentication, data encryption, access controls, and monitoring systems ensures that client data remains protected at all times.
Document Information
- Document Version: 1.0
- Last Updated: June 2025
- Review Schedule: Quarterly
- Production Environment: https://modelling.wealthie.co.nz