fbpx
Waywiser-SecondaryLogo-CircleOwl-DARK-200px

Trust
& Security

We founded WayWiser with a mission to protect the hard-earned assets, financial independence, and dignity of people as they age.

The same goes for data and digital security.

We use best practice data encryption and security protocols to keep you and your loved ones safe and we promise to never sell your personal data.

trust and security

Access

A lot of thought has gone into data access modeling here at WayWiser.

Access to your WayWiser account is one-way encrypted, which means that even after you create a complex password, our systems make it even tougher to crack by turning it into something that looks a bit like this within our database: 4420d1918bbcf7686defdf9560bb0076de5f77b7cb4c3b4.

We prevent against brute force access (where someone simply tries to guess your password) by requiring strong user passwords—eight or more characters, a capital letter, a number, and a symbol. It’s time to stop using “password” as your password.

Our User Access Model (UAM) allows the owner of a Trusted Circle to set their own guidelines for who within their Trusted Circle can access specific types of information. Applying the daily living, medicalfinancial or other roles within your Trusted Circle places digital walls around those users, sheltering them from information that they should not be privy to viewing. As the owner of a Trusted Circle, you can update the UAM at any time as you see fit in order to provide the very best care for your loved one.

A Trusted Circle member must verify their permission to access and share a loved one’s banking details and, even once connected, WayWiser allows view only access—making it impossible to withdraw, send, or otherwise eliminate funds from an account. We provide just enough access to protect your loved ones without the possibility of causing financial harm.

Finally, the WayWiser team does not access or interact with customer financial data. Our team is here when you need help, but we do not have general access or insights to your loved one’s financial data. This is all guarded by our relationship with Plaid, as you’ll see below.

Plaid

We aren’t talking about your grandfather’s flannel shirt.

WayWiser integrates with Plaid, a leading financial data aggregation specialist that works with over 6,000 companies including American Express, Venmo, Wells Fargo, Capital One, and many, many more.

As one of those companies, we utilize Plaid’s Direct Import services, never viewing or storing your bank credentials ourselves, purely providing you with read-only access to your connected financial accounts. This allows you to review banking information and set up customized alerts without us ever seeing or storing your sensitive data.

Plaid’s information security program is designed to meet or exceed industry standards, using a plethora of controls to keep your personal information safe. Plaid is certified in internationally recognized security standards like ISO 27001 and ISO 27701, and is SSAE18 SOC 2 Compliant.

AWS

We host our servers securely using Amazon Web Services (AWS).

The AWS infrastructure institutes military grade, AES256 data encryption and maintains numerous security compliance certifications and attestations including ISO 27001, ISO 27701, SOC 1, SOC 2, FISMA, HIPAA, and CSA Level 3, just to name a few.

These certifications demonstrate, in different ways, that an organization has invested in the people, processes, and technology to protect critical data and that those processes are vetted by independent experts on a regular cadence.

AWS cloud storage and hosting services are used by the Department of Defense, NASA, the CIA, and, your’s truly—WayWiser.

HIPAA & SOC 2

We’re well on our way.

Information security is of the highest priority on our roadmap and we are taking all of the necessary measures to achieve HIPAA compliance and certification—we’re currently crossing a few t’s and dotting a couple of i’s as we wade through the official certification process.

Similarly, we are moving swiftly towards a SOC 2 standard of security by means of the NIST Cybersecurity Framework.

As we grow as an organization, our compliance work will continue to evolve to meet with new product features and services.

We Will Not Sell Your Data

Let’s say that one more time so that it counts…We will not sell your data.

Rest assured that we are not in the data collection industry. We respect the amount of personal information that needs to be shared when it comes to caring for a loved one and we want that information to remain your own.