Enterprise-grade security by default.
PsyFi is ISO 27001 certified and SOC 2 Type II compliant, built on AWS with bank-grade encryption and continuous monitoring through Scrut. We never see your bank passwords, and your data is never sold.
Security at a Glance
Quantitative controls protect every piece of your financial and behavioral data. These are measured and monitored continuously.
The same TLS 1.2+ in transit and AES-256 at rest used by major financial institutions.
Bank connections go through Plaid and Flinks. You authenticate directly with your bank.
Private VPCs, encrypted databases, automated backups, DDoS protection, 24/7 monitoring via Scrut.
Our SOC 2 Type II report is available under NDA to prospective customers and partners. You can request a copy here.
How Bank Sync Works
Powered by Plaid and Flinks, the open-banking providers used by thousands of regulated financial apps across the US and Canada.
Plaid & Flinks Are the Intermediaries
When you connect a bank, you log in through Plaid's or Flinks' secure portal instead of PsyFi. Your credentials go directly to them, and we never see them.
Read-Only Access
PsyFi can only read transaction and balance data. We cannot move money, initiate transfers, or modify your accounts, and neither can our providers.
Trusted Across North America
Plaid connects to 12,000+ institutions and is SOC 2 Type II compliant. Flinks, owned by National Bank of Canada, is the leading open-banking provider for Canadian institutions.
Revoke Access Anytime
Disconnect your bank accounts from PsyFi at any time from settings. You can also revoke Plaid's or Flinks' access directly through your bank or their consumer portals.
AI & Behavioral Data Security
Our coaching is powered by leading enterprise AI providers under strict data-handling agreements that protect your privacy.
Enterprise AI Providers
PsyFi uses OpenAI, Anthropic, and Amazon Nova via their enterprise APIs. All of these providers are bound by zero-retention and no-training data-processing agreements.
Your Data Never Trains Models
By contract, none of your transaction, behavioral, or coaching data is used to train third-party foundation models. Your account history stays yours.
Minimum-Necessary Context
We send only the redacted, minimum context an AI model needs to coach you. Account numbers, identifiers, and PII are stripped before any inference call.
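The allow-list-and-redact step described above, as an added Python example that is not PsyFi's code. The transaction schema, field names and sample values are constructed assumptions; the point it shows is the two-layer design: project each record onto the few fields a coaching prompt needs, redact free-text values, and run a final guard that refuses the inference call if anything identifying survives.

```python
import re

# Constructed sample transactions; field names are assumptions, not PsyFi's schema.
SAMPLE_TRANSACTIONS = [
    {
        "account_id": "acct_00123456789",
        "account_number": "123456789012",
        "owner_email": "jane.doe@example.com",
        "date": "2024-05-01",
        "merchant": "Coffee Shop",
        "category": "dining",
        "amount": -4.50,
        "memo": "card 4111 1111 1111 1111 jane.doe@example.com",
    },
    {
        "account_id": "acct_00123456789",
        "account_number": "123456789012",
        "owner_email": "jane.doe@example.com",
        "date": "2024-05-03",
        "merchant": "Grocery Mart",
        "category": "groceries",
        "amount": -82.10,
        "memo": "ref 98765432101",
    },
]

# Allow-list: the only fields a coaching prompt needs. Everything else is dropped,
# so account identifiers never enter the payload in the first place.
CONTEXT_FIELDS = ("date", "merchant", "category", "amount", "memo")

# Patterns for identifiers that must never reach an inference call. Order matters:
# card numbers are matched before the generic long-number rule.
PII_PATTERNS = [
    ("[CARD]", re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),
    ("[EMAIL]", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")),
    ("[NUMBER]", re.compile(r"\b\d{8,}\b")),
]


def redact_text(text: str) -> str:
    """Replace card numbers, e-mail addresses and long numeric identifiers with labels."""
    for label, pattern in PII_PATTERNS:
        text = pattern.sub(label, text)
    return text


def build_context(transactions, fields=CONTEXT_FIELDS):
    """Project each transaction onto the allow-list and redact any free-text values."""
    context = []
    for tx in transactions:
        row = {}
        for key in fields:
            if key not in tx:
                continue
            value = tx[key]
            row[key] = redact_text(value) if isinstance(value, str) else value
        context.append(row)
    return context


def find_residual_pii(context) -> list:
    """Final guard: return (field, label) pairs for anything that still looks like PII."""
    hits = []
    for row in context:
        for key, value in row.items():
            if not isinstance(value, str):
                continue
            for label, pattern in PII_PATTERNS:
                if pattern.search(value):
                    hits.append((key, label))
    return hits


def prepare_inference_payload(transactions) -> dict:
    """Build the minimum context and refuse to proceed if anything identifying remains."""
    context = build_context(transactions)
    residual = find_residual_pii(context)
    if residual:
        raise ValueError(f"refusing inference call, residual PII in fields: {residual}")
    return {"transactions": context}


if __name__ == "__main__":
    print(prepare_inference_payload(SAMPLE_TRANSACTIONS))
```

The guard is deliberately separate from the redaction: the allow-list is what keeps identifiers out, regex redaction catches identifiers that leak into free text, and `find_residual_pii` fails closed if a new field or format slips past both.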
Infrastructure Security
Built on AWS, monitored continuously, hardened by design.
Hosted on AWS
PsyFi runs inside private VPCs on AWS with IAM least-privilege access, AWS KMS key management, automated patching, and DDoS protection via AWS Shield.
Encrypted Databases
All databases are encrypted at rest with AES-256 and isolated in private subnets. Automated encrypted backups are taken daily with point-in-time recovery.
ISO 27001 Certified · SOC 2 Type II Certified
PsyFi holds both ISO/IEC 27001 certification and SOC 2 Type II compliance, independently audited by third-party assessors. Our documented policies, risk assessments, and control environment are audited on a recurring basis. The SOC 2 Type II report is available under NDA. Contact info@psyfiapp.com.
Continuous Monitoring with Scrut
Scrut Automation continuously monitors our cloud configuration, access controls, and vendor risk in real time, so security drift is caught and fixed automatically.
HTTPS & Strict Transport
Every connection to PsyFi is encrypted with TLS. We enforce HSTS, strong cipher suites, and modern security headers to prevent downgrade and injection attacks.
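A checker for the HSTS and security-header posture the paragraph above describes, added here as an example and not PsyFi's own code. The two header sets are constructed, not captured from psyfiapp.com; the thresholds (a one-year HSTS max-age, `includeSubDomains`, a CSP, `nosniff`, anti-framing and a referrer policy) are the commonly recommended baseline and are assumptions of this example.

```python
import re

ONE_YEAR_SECONDS = 31536000

# Constructed sample response headers; neither set was captured from a real server.
WEAK_HEADERS = {
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOWALL",
}

STRONG_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}


def _get(headers: dict, name: str):
    """Case-insensitive header lookup, since HTTP header names are not case-sensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def check_hsts(value) -> list:
    """Findings for the Strict-Transport-Security header (downgrade protection)."""
    if value is None:
        return ["HSTS missing: a browser may follow a plaintext downgrade on a later visit"]
    findings = []
    match = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
    if match is None:
        return ["HSTS max-age missing: the policy is not enforced"]
    if int(match.group(1)) < ONE_YEAR_SECONDS:
        findings.append("HSTS max-age below one year: policy expires too quickly")
    if "includesubdomains" not in value.lower():
        findings.append("HSTS lacks includeSubDomains: subdomains can still be downgraded")
    return findings


def check_security_headers(headers: dict) -> list:
    """Return a list of findings; an empty list means the baseline is met."""
    findings = check_hsts(_get(headers, "Strict-Transport-Security"))

    csp = _get(headers, "Content-Security-Policy") or ""
    if not csp:
        findings.append("Content-Security-Policy missing: no mitigation for injected scripts")

    if (_get(headers, "X-Content-Type-Options") or "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff: MIME sniffing allowed")

    # Framing is controlled either by CSP frame-ancestors or by X-Frame-Options.
    xfo = (_get(headers, "X-Frame-Options") or "").upper()
    if "frame-ancestors" not in csp.lower() and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("No anti-framing control: page can be embedded by other origins")

    if _get(headers, "Referrer-Policy") is None:
        findings.append("Referrer-Policy missing: URLs may leak to third parties")

    return findings


if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("strong", STRONG_HEADERS)):
        print(name, check_security_headers(hdrs) or "baseline met")
```

Feeding it the headers of a real response (for example from `requests.get(url).headers`, which is case-insensitive already) turns it into a quick regression check that the headers stay in place after a deployment.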
Vulnerability Management
Dependencies and infrastructure are kept current with continuous vulnerability scanning, automated patching, and a documented incident response runbook.
Data Privacy
Your data belongs to you. Period.
We Never Sell Your Data
Your financial and behavioral data is never sold, shared with advertisers, or used for marketing. We make money from subscriptions, not from you.
Export Your Data
You can export all your data at any time. Your accounts, transactions, goals, and behavioral history are always yours to take with you.
Delete Everything Anytime
Delete your account from settings and we permanently remove your personal data, including coaching history, from our systems.
Full Privacy Policy
Read our complete privacy policy for details on how we collect, use, and protect your information. View privacy policy →
Security FAQ
The questions we hear most from people connecting their accounts.
Can PsyFi access or move money in my bank account?
No. PsyFi connects to your bank through Plaid and Flinks with read-only access. We can only view transaction and balance data. No one can move money, make transfers, or modify your accounts through PsyFi. You can revoke access at any time from settings or directly through Plaid or Flinks.
What data does PsyFi store?
PsyFi stores your linked account metadata, transaction history, goals, behavioral assessment results, and coaching interactions. We never store your bank passwords or full credit card numbers. Authentication with your bank happens entirely inside Plaid or Flinks.
Is my data used to train AI models?
No. PsyFi uses OpenAI, Anthropic, and Amazon Nova through their enterprise APIs under zero-retention, no-training agreements. Your transactions, behavioral data, and coaching conversations are never used to train any third-party foundation model.
Where is my data stored?
Your data is stored in encrypted, region-pinned AWS databases inside private VPCs. Access is restricted by IAM least-privilege controls, all keys are managed by AWS KMS, and configuration is monitored continuously by Scrut.
How do I delete my data?
You can delete your account and all associated data at any time from your account settings. When you do, your personal data, transactions, behavioral history, and coaching records are permanently removed from our systems. This action is irreversible.
Is PsyFi SOC 2 compliant?
Yes. PsyFi is SOC 2 Type II certified, audited by an independent third-party assessor. Our control environment is continuously monitored by Scrut Automation. The full SOC 2 Type II report is available under NDA to prospective customers and partners. You can email info@psyfiapp.com to request a copy.
What happens if there's a security incident?
We follow a documented incident response plan aligned with ISO 27001. Affected users would be notified promptly in line with applicable laws (including PIPEDA and GDPR), and corrective action would be taken immediately. Because we never store bank passwords or full card numbers, the risk of credential exposure is substantially reduced.
How can I report a security issue?
If you believe you've found a security vulnerability in PsyFi, please email info@psyfiapp.com. We review every report and will respond as quickly as possible.
Build Wealth With Confidence
Your financial and behavioral data is protected by ISO 27001 and SOC 2 Type II certified controls, AWS infrastructure, enterprise AI agreements, and read-only open-banking integrations.
No credit card required · 7-day free trial · Delete your data anytime
