SOC 2 Type II Certified

Security you can trust

Wealthie employs enterprise-grade security measures that meet or exceed industry standards for financial services applications. The platform implements multiple layers of security controls, from user authentication and data encryption to network security and continuous monitoring — designed to protect against data breaches, unauthorised access, and other threats that could compromise sensitive financial information.

1. User Authentication and Access Control

How User Authentication Works

When you log into Wealthie, the system employs multiple verification steps to ensure that only authorised users can access the platform. The platform uses industry-standard authentication protocols that verify your identity through multiple factors — ensuring that even if one security measure is compromised, additional protections remain in place.

Password Security Requirements

  • Minimum Length: Passwords must be at least 8 characters long
  • Character Complexity: Must include uppercase letters, lowercase letters, numbers, and special characters
  • Password History: System prevents reuse of the last 8 passwords
  • Account Lockout: Accounts are temporarily locked after 5 failed login attempts
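The password rules listed above (minimum length, four character classes, no reuse of the last 8 passwords, lockout after 5 failed attempts) expressed as a small check. This is an added illustration, not Wealthie's code; the page does not publish its implementation, and the PBKDF2-SHA256 hashing with a 16-byte per-password salt is an assumption.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass, field

MIN_LENGTH = 8           # policy values as stated on the page
HISTORY_SIZE = 8
MAX_FAILED_ATTEMPTS = 5
PBKDF2_ROUNDS = 100_000  # assumption; the page does not state a hashing scheme

def policy_violations(password: str) -> list[str]:
    # Returns the complexity rules the password breaks; an empty list means it passes.
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than %d characters" % MIN_LENGTH),
        (any(c.isupper() for c in password), "no uppercase letter"),
        (any(c.islower() for c in password), "no lowercase letter"),
        (any(c.isdigit() for c in password), "no digit"),
        (any(c in string.punctuation for c in password), "no special character"),
    ]
    return [msg for ok, msg in checks if not ok]

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

@dataclass
class Account:
    history: list = field(default_factory=list)  # (salt, digest), newest first; [0] is current
    failed_attempts: int = 0

    def set_password(self, candidate: str) -> list[str]:
        problems = policy_violations(candidate)
        # Every stored entry has its own salt, so the candidate is re-derived per entry.
        if any(hmac.compare_digest(_digest(candidate, s), d) for s, d in self.history):
            problems.append("matches one of the last %d passwords" % HISTORY_SIZE)
        if problems:
            return problems
        salt = os.urandom(16)
        self.history = [(salt, _digest(candidate, salt))] + self.history[:HISTORY_SIZE - 1]
        return []

    def login(self, password: str) -> bool:
        # A locked account rejects every attempt, including the correct password.
        if not self.history or self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            return False
        salt, digest = self.history[0]
        if hmac.compare_digest(_digest(password, salt), digest):
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        return False
```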

Session Management

  • Automatic Timeout: Sessions expire after 60 minutes of inactivity
  • Secure Tokens: Session tokens are generated from a cryptographically secure random source, so they cannot be guessed or predicted
  • Token Rotation: Session tokens are regularly rotated to minimise exposure risk
  • Concurrent Session Limits: Users can only maintain a limited number of active sessions

2. Data Encryption and Protection

Encryption in Transit

  • TLS 1.3 Protocol: Connections are protected with TLS 1.3, the current version of the protocol
  • Perfect Forward Secrecy: Each session uses unique encryption keys
  • Certificate Validation: TLS certificates are regularly renewed and validated
  • HSTS Headers: Strict-Transport-Security headers instruct browsers to use HTTPS only, preventing downgrade attacks

Encryption at Rest

  • AES-256 Encryption: Industry-standard encryption for stored data
  • Key Management: Encryption keys are securely managed and regularly rotated
  • Database Encryption: All database files are encrypted at the file system level
  • Backup Encryption: All backup files are encrypted using the same standards

3. Infrastructure Security

Cloud Security Architecture

  • SOC 2 Compliant Infrastructure: Hosted on platforms with verified security controls
  • Network Isolation: Application components are isolated using virtual private networks
  • DDoS Protection: Advanced protection against distributed denial of service attacks

Network Security

  • Firewall Protection: Multi-layer firewall systems filter all network traffic
  • Intrusion Detection: Automated systems monitor for suspicious network activity
  • VPN Access: Administrative access requires secure VPN connections
  • Network Segmentation: Different system components are isolated on separate network segments

4. Application Security

Secure Development Practices

  • Code Reviews: All code and system changes undergo security-focused review before being pushed to production
  • Dependency Management: Third-party libraries are regularly updated and scanned for vulnerabilities
  • Security Testing: Regular penetration testing and vulnerability assessments

Input Validation and Sanitisation

  • SQL Injection Prevention: Parameterised queries prevent database injection attacks
  • Cross-Site Scripting (XSS) Protection: Input sanitisation prevents script injection
  • CSRF Protection: Tokens prevent cross-site request forgery attacks
  • File Upload Security: Uploaded files are scanned and validated for security threats

5. Data Privacy and Compliance

Privacy by Design

Wealthie is designed to comply with major data privacy regulations including the General Data Protection Regulation (GDPR) and the New Zealand Privacy Act. The platform follows data minimisation principles — only the information necessary for providing financial advisory services is collected and stored, reducing privacy risks and ensuring client data is not unnecessarily exposed or retained beyond what is required for legitimate business purposes.

Data Retention and Deletion

  • Secure Deletion: Data is permanently deleted using cryptographic erasure methods
  • Right to Deletion: Clients can request deletion of their personal information
  • Data Portability: Clients can request export of their data in standard formats

6. Monitoring and Incident Response

Continuous Security Monitoring

  • Log Analysis: All system activities are logged and analysed for security events
  • Anomaly Detection: Machine learning systems identify unusual patterns that may indicate threats
  • Real-time Alerts: Security teams receive immediate notifications of potential issues
  • Forensic Capabilities: Detailed logs enable investigation of security incidents

Incident Response Procedures

  • Escalation Procedures: Clear processes for escalating different types of incidents
  • Communication Plans: Procedures for notifying affected users and regulatory authorities
  • Recovery Procedures: Tested methods for restoring systems and data after incidents

7. Regular Security Assessments

Vulnerability Management

The platform implements a comprehensive vulnerability management program that includes regular scanning, assessment, and remediation of security vulnerabilities. This proactive approach ensures that security issues are identified and addressed quickly, maintaining the integrity and reliability of the platform.