Our team understands the importance of safeguarding client data. To protect it, we have implemented multiple layers of safeguards.

Here is an overview of the security measures, standards and protocols WealthRabbit uses to protect client data.

Compliance

  • CCPA Compliance
    The California Consumer Privacy Act (CCPA) is a privacy law that gives California residents certain rights over their personal information (PI). PI includes any information that identifies, relates to, describes, or can be associated with a particular person or household.
    As a provider of services that handles PI of California residents, WealthRabbit adheres to all the regulations of the CCPA. This means that WealthRabbit provides California residents with the right to know what PI is being collected, the right to access their PI, the right to have their PI deleted, and the right to opt out of the sale of their PI.

Data protection

  • 2FA - Authentication
    WealthRabbit clients can enable two-factor authentication (2FA) to add a layer of security to their accounts. We support the Google Authenticator, Authy by Twilio, Microsoft Authenticator, LastPass Authenticator, and 2FA Authenticator applications.
  • Encryption
    We encrypt all clients' sensitive data stored in our database (data at rest) and data transmitted between networks or devices (data in transit).
    Connections to our services use TLS (Transport Layer Security), so data is encrypted while it is being sent to or read from our systems.
  • Firewall
    We operate a Web Application Firewall (WAF) that filters incoming traffic and blocks requests matching known attack patterns before they reach the application.
  • Antivirus
    Our systems are protected by antivirus software that continuously monitors files, applications, and device behavior, identifying anomalies and blocking potential threats.
  • PII data security
    We follow standard PII data-security practices to ensure that our clients' personal information (Social Security numbers, email addresses, phone numbers, etc.) is secure.
  • Database management
    Access to production databases is restricted to those with a specific need to access production data. We also perform regular data backups so that data can be restored after a security incident or failure.
  • AWS infrastructure security
    Our applications are hosted on AWS with security controls enforced through VPC Security Groups. Each instance is protected by firewall rules, allowing only authorized traffic to access the servers.
  • Email security
    WealthRabbit secures outbound email with SPF, DKIM, and DMARC. These let receiving mail servers verify that messages claiming to come from our domain are legitimate, preventing spoofing and phishing attacks.
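
All of the authenticator apps listed under "2FA - Authentication" implement the same algorithm, TOTP (RFC 6238), which is why a single QR code works with any of them. The following is an added example of that algorithm and of the server-side verification it needs; it is not WealthRabbit's code. It assumes the defaults those apps use (HMAC-SHA1, six digits, 30-second steps); the issuer and account names are placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

# Added example: RFC 6238 TOTP as implemented by Google Authenticator, Authy,
# Microsoft Authenticator and similar apps. Not WealthRabbit's own code; the
# 30-second step, six digits and HMAC-SHA1 are the defaults those apps assume.
STEP = 30
DIGITS = 6


def new_secret(nbytes: int = 20) -> bytes:
    """Per-user shared secret, generated server-side with a CSPRNG."""
    return secrets.token_bytes(nbytes)


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """otpauth:// URI encoded into the QR code the app scans (issuer is a placeholder)."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{issuer}:{account}?secret={b32}&issuer={issuer}"
            f"&algorithm=SHA1&digits={DIGITS}&period={STEP}")


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[int] = None) -> str:
    """The code the app displays: HOTP with counter = unix_time // STEP."""
    now = int(time.time()) if at is None else at
    return hotp(secret, now // STEP)


def verify(secret: bytes, code: str, at: Optional[int] = None,
           window: int = 1, last_used_step: int = -1) -> tuple:
    """Server-side check. Accepts the current step plus `window` steps either side
    to tolerate clock skew, compares in constant time, and refuses any step at or
    before the last one accepted so a sniffed code cannot be replayed.
    Returns (ok, step); the caller persists `step` as the new last_used_step."""
    now = int(time.time()) if at is None else at
    step = now // STEP
    for delta in range(-window, window + 1):
        candidate = step + delta
        if candidate <= last_used_step:
            continue
        if hmac.compare_digest(hotp(secret, candidate), code):
            return True, candidate
    return False, last_used_step
```

The two server-side details that matter are in `verify`: the comparison is constant-time, and the step of the last accepted code is stored so the same code is never accepted twice, even inside the skew window. The secret must be stored with the same care as a password hash's pepper; anyone who reads it can generate every future code.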

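SPF and DKIM on their own only prove that a message was sent by an authorised server or signed with a known key; what stops spoofing is DMARC's requirement that the domain which passed SPF or DKIM is aligned with the domain shown in the From header. The following added example (not WealthRabbit's code) parses a DMARC record and applies that alignment rule; the record, domains and report address are constructed, and the organizational-domain logic is a deliberate simplification noted in the code.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Added example of how a receiving mail server evaluates DMARC over the SPF and
# DKIM results. Not WealthRabbit's code; the record and domains are constructed.


@dataclass
class DmarcRecord:
    policy: str                 # p=: none | quarantine | reject
    subdomain_policy: str       # sp=, defaults to p=
    adkim: str = "r"            # DKIM alignment: r (relaxed) or s (strict)
    aspf: str = "r"             # SPF alignment
    pct: int = 100              # share of failing mail the policy applies to
    rua: List[str] = field(default_factory=list)   # aggregate report addresses


def parse_dmarc(txt: str) -> DmarcRecord:
    """Parse the _dmarc.<domain> TXT record ('tag=value; tag=value')."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: needs v=DMARC1 and p=")
    return DmarcRecord(
        policy=tags["p"].lower(),
        subdomain_policy=tags.get("sp", tags["p"]).lower(),
        adkim=tags.get("adkim", "r").lower(),
        aspf=tags.get("aspf", "r").lower(),
        pct=int(tags.get("pct", "100")),
        rua=[u.strip() for u in tags.get("rua", "").split(",") if u.strip()],
    )


def org_domain(domain: str) -> str:
    """Organizational domain. Simplification: last two labels; real receivers
    consult the Public Suffix List so that e.g. example.co.uk works."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict alignment needs an exact match; relaxed accepts the same org domain."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def dmarc_evaluate(record: DmarcRecord, from_domain: str,
                   spf_result: str, spf_domain: str,
                   dkim_result: str, dkim_domain: str) -> Tuple[str, str]:
    """Return (dmarc_result, disposition). DMARC passes only if SPF or DKIM
    both passed AND is aligned with the RFC5322.From domain; that alignment
    check is what stops an attacker passing SPF/DKIM for a domain they own
    while displaying ours in the From header."""
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, record.aspf)
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, record.adkim)
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", record.policy
```

Two things the example leaves to the reader: `pct` means the receiver applies the policy to only that percentage of failing mail (useful during rollout), and `subdomain_policy` is what applies when the From domain is a subdomain of the record's domain. Both are parsed above but not applied in `dmarc_evaluate`.
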
Infrastructure security

  • Auto scaling
    Our infrastructure auto-scales to maintain high availability and support demand.
  • Denial of Service (DoS) protection
    WealthRabbit has implemented measures to protect against Denial of Service (DoS) attacks.
  • Backups and monitoring
    On an application level, we produce audit logs for all activity, ship logs to ELK for analysis, and use S3 for archival purposes. All actions taken on production consoles are logged.
  • Disaster recovery
    We have an established setup in an alternate location to ensure business continuity in the event of any disruption at our primary site. All of our infrastructure and data are spread across 3 AWS availability zones and will continue to work should any one of those data centers fail.
  • Least privilege
    The AWS Security Groups used for our infrastructure and the IAM roles granted to employees for our AWS production environment are reviewed regularly against a baseline to maintain least privilege.
  • Virtual private cloud
    All of our servers are within our virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network.
  • Embargoed countries respected
    We block access to our product from embargoed countries based on the user's IP address.
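
The "AWS infrastructure security" and "Least privilege" items both describe security groups being held to a baseline. The following added example (not WealthRabbit's tooling) shows what such a baseline check looks like: a pure function over the structure boto3's `describe_security_groups()` returns, so it can be unit-tested offline, plus a thin wrapper that runs it across an account. The allowed-port baseline and the sample group are constructed.

```python
import ipaddress
from typing import Dict, List

# Added example of a least-privilege baseline check over AWS security groups,
# using the shape boto3's ec2.describe_security_groups() returns. Not
# WealthRabbit's code; the allowed-port baseline and sample group are constructed.

# Only the public web listeners may be reachable from anywhere; every other port
# must come from inside the VPC or from a named security group.
PUBLIC_ALLOWED = {("tcp", 80), ("tcp", 443)}


def _ports(perm: dict):
    """Normalise one IpPermissions entry to (protocol, low, high)."""
    proto = perm.get("IpProtocol", "-1")
    if proto == "-1":                      # -1 means every protocol and port
        return "all", 0, 65535
    return proto, perm.get("FromPort", 0), perm.get("ToPort", 65535)


def _world_sources(perm: dict) -> List[str]:
    """CIDRs in the rule that cover the whole internet (0.0.0.0/0 or ::/0)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]


def audit_security_group(sg: dict, allowed=PUBLIC_ALLOWED) -> List[Dict]:
    """Return one finding per ingress rule that exposes something outside the
    baseline to the whole internet. Rules sourced from other security groups
    (UserIdGroupPairs) or from specific CIDRs are not flagged here."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        world = _world_sources(perm)
        if not world:
            continue
        proto, lo, hi = _ports(perm)
        if proto in ("tcp", "udp") and all((proto, p) in allowed for p in range(lo, hi + 1)):
            continue
        findings.append({"group": sg.get("GroupId"), "protocol": proto,
                         "ports": f"{lo}-{hi}", "sources": world})
    return findings


def audit_account(region: str = "us-east-1") -> List[Dict]:
    """Run the check over every group in the account (needs boto3 and credentials)."""
    import boto3  # imported here so the pure-function checks above run offline
    ec2 = boto3.client("ec2", region_name=region)
    findings = []
    for page in ec2.get_paginator("describe_security_groups").paginate():
        for sg in page["SecurityGroups"]:
            findings.extend(audit_security_group(sg))
    return findings


# Constructed sample in the describe_security_groups() shape.
SAMPLE_SG = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                       # finding
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210"}]},   # fine: SG-to-SG
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},   # finding
    ],
}
```

Running `audit_security_group(SAMPLE_SG)` reports the SSH rule and the all-protocols IPv6 rule and stays silent on the database rule, because that one is sourced from another security group rather than a CIDR; referencing groups by ID instead of IP ranges is the usual way to express least privilege between tiers inside a VPC.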

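An IP-based embargo check is only as good as the address it looks at. Behind a CDN or reverse proxy (Cloudflare is listed as a subprocessor below), the application sees the proxy's address as its peer and the original client address in a forwarded header, and that header is writable by the client. The following added example (not WealthRabbit's code) shows the check done safely: it trusts the header only when the peer is a known proxy, and walks the chain from the right so a forged leftmost entry is ignored. The proxy ranges, GeoIP table and country codes are constructed placeholders; a real deployment loads the CDN's published edge ranges and a maintained GeoIP database.

```python
import ipaddress
from typing import Optional

# Added example of an IP-based embargo check behind a reverse proxy. Not
# WealthRabbit's code. The proxy ranges, GeoIP table and country codes are
# constructed placeholders; a real deployment loads the CDN provider's published
# edge ranges and a maintained GeoIP database.
TRUSTED_PROXIES = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "2001:db8:1::/48")]
GEO_TABLE = [  # (network, country code); longest prefix wins
    (ipaddress.ip_network("198.51.100.0/24"), "XA"),
    (ipaddress.ip_network("198.51.100.128/25"), "XB"),
    (ipaddress.ip_network("192.0.2.0/24"), "XB"),
    (ipaddress.ip_network("2001:db8:2::/48"), "XA"),
]
EMBARGOED = {"XA"}   # placeholder code standing in for the sanctioned-country list


def client_ip(remote_addr: str, x_forwarded_for: str = ""):
    """Pick the real client address. X-Forwarded-For is client-writable, so the
    leftmost entry cannot be trusted; walk from the peer backwards through the
    header and stop at the first hop that is not one of our trusted proxies."""
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in [remote_addr] + hops[::-1]:
        addr = ipaddress.ip_address(hop)
        if not any(addr in net for net in TRUSTED_PROXIES):
            return addr
    return ipaddress.ip_address(remote_addr)   # every hop was ours: internal traffic


def country_of(addr) -> Optional[str]:
    """Longest-prefix lookup in the (constructed) GeoIP table."""
    best = None
    for net, cc in GEO_TABLE:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, cc)
    return best[1] if best else None


def is_blocked(remote_addr: str, x_forwarded_for: str = "") -> bool:
    """Deny requests from an embargoed country. Unknown locations are allowed
    here; a stricter deployment may choose to fail closed instead."""
    return country_of(client_ip(remote_addr, x_forwarded_for)) in EMBARGOED
```

Note the case where the peer is not a trusted proxy: the header is ignored entirely, so a client connecting directly cannot launder its address by adding a forged X-Forwarded-For. Geolocation by IP remains a best-effort control (VPNs and mobile carriers move addresses between countries), which is why it complements rather than replaces the other measures on this page.
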
Organizational security

  • Background checks
  • Endpoint management
    We push updates to employee laptops so that they run the latest patched version of their required operating system. This control restricts access to critical systems to compliant, secure devices, enhancing our overall security posture.
  • Endpoint protection
    All corporate laptops are configured with endpoint protection (EPP) with procedures in place to ensure infected machines cannot access our systems.
  • Mandatory security awareness training
    All employees undergo mandatory security awareness training on an annual basis. Certain higher-risk roles go through additional training specific to their role and its associated risks, annually.
  • Employee confidentiality
    All employee contracts include a confidentiality agreement.

Application security

  • Secure software development - DevSecOps
    We follow a DevSecOps approach to testing and deployment, integrating standard security measures throughout the development cycle.
  • Threat modeling
    We model threats during the design of our application so that potential security threats and vulnerabilities are addressed before code is written, not after.
  • Incident management
    We have defined procedures in place for responding to unexpected security incidents.
  • Change management
    We adhere to a standard process of careful planning, testing, and validation to ensure that every change is introduced without putting data at risk.

Governance

  • Security policies
    Our security policies cover measures ranging from access controls and encryption protocols to regular audits and vulnerability assessments, and we adhere to them strictly to protect data.
  • Security awareness training
    The team at WealthRabbit has a clear-cut understanding of data security and constantly stays ahead of new technologies and security mechanisms that counter security threats. This culture of awareness strengthens our collective defense and reinforces our commitment to data security.
  • Escalation matrix
    For security incidents, the responsible personnel and notification procedures for each escalation level are defined and followed.

Security evaluation

  • Penetration testing
    Our penetration testing practices are aligned with OWASP guidance for identifying and mitigating security vulnerabilities in web applications. We test our systems regularly to uncover potential vulnerabilities.
  • Monitoring and response
    We regularly monitor and scan our network and applications to identify potential security threats. When a threat is identified, we analyse the event logs and respond to contain it.
  • Server hardening
    We apply a sequence of server hardening steps to remove potentially vulnerable points of attack on our servers.

Subprocessors

  • Plivo, Inc. - SMS and phone functionality
    Plivo is a cloud communications platform that allows developers to add phone calls, text messages, video, and other communication features to their applications using its APIs.
  • Cloudflare, Inc.
    Cloudflare is a web performance and security company that provides content delivery network (CDN) services, DDoS mitigation, Internet security, and distributed DNS services.
  • Amazon Web Services, Inc.
    Hosting, storage, and processing of Customer Data.

Resources


Vulnerability Assessments (2024)

Information Security Policy

Security Questionnaire