wealthAPI data security

Safety is our top priority. Data is the most precious currency of our time.


Protecting your customer data is our top priority. As a BaFin-regulated Account Information Service, we operate in accordance with German banking security and data protection standards as defined by the ZAG.

Target Operating Model (TOM)

Our operating model is essentially based on the “need-to-know” principle. In accordance with regulatory requirements, we have formalized the need-to-know principle as a series of organizational roles.

As our company develops, so does our role model. All roles are linked to data access policies that define what each role can see and edit.

Our strategy

Technical measures

  • Hosting in Frankfurt (Google Cloud)
  • Focus on test-driven development to ensure high quality, even in a dynamic environment
  • Coaching and close cooperation with our customers and partners to ensure minimum safety standards
  • Open APIs that have been in productive use for years
  • Encapsulated infrastructure: All components (e.g. our database) run in their own network and are not visible from the outside. Backups are encrypted (data at rest encryption)
  • Use of modern technology stack and Google services (e.g. Google Intrusion Detection, Web Application Firewall)
  • Separation of sensitive and less sensitive systems in the wealthAPI infrastructure

Organizational measures

  • Application of strict access management; sensitive data is only accessible to a few employees
  • Use of a strict role concept, reinforced by central authentication with Google Services
  • Formation of specialized teams and constant further training in topics such as GDPR
  • Implementation of peer reviews for all code changes as an element of quality assurance to rule out individual misconduct
  • Implementation of regulation by BaFin, e.g. as part of an annual audit process in which IT processes are also audited in a risk report

Our convictions

Safety starts within the organization

Even if a system has an excellent security architecture, it is ineffective if those who interact with it do not have the necessary qualifications.

Organizational security characterizes IT security.

As soon as employees change departments or take on a new role, their access rights must also change. We do not have any historical access rights, only role profiles.

Security must follow a design principle

Consideration of the security aspect is of crucial importance in service design. This is due to the difficulty of changing existing systems retrospectively.

People make mistakes; an early-warning mechanism helps

People make mistakes. It is therefore necessary to design systems in such a way that faults are detected at an early stage and their impact on safety is minimized.

The most important facts & figures about wealthAPI.

Market experience since 2014

BaFin and FMA regulated

Licensed Account Information Service Provider (BaFin)

Authorized financial services provider in Austria (FMA)

3500+ bank connections

Direct API to comdirect, Trade Republic, Whitebox, Quirion, Scalable ...

Find out more?

Gain insights into our commitment to data security from our CTO Wolfram Stacklies’ latest article.
