Safety is our top priority.

Data is the most precious currency of our time.

Target Operating Model (TOM)

Our operating model is essentially based on the “need-to-know” principle. In accordance with regulatory requirements, we have formalized the need-to-know principle as a series of organizational roles.

As our company develops, so does our role model. All roles are linked to data access policies that define what each role can see and edit.


Our strategy


Technical measures

  • Hosting in Frankfurt (Google Cloud)
  • Focus on test-driven development to ensure high quality, even in a dynamic environment
  • Coaching and close cooperation with our customers and partners to ensure minimum safety standards
  • Open APIs that have been in productive use for years
  • Encapsulated infrastructure: All components (e.g. our database) run in their own network and are not visible from the outside. Backups are encrypted (data at rest encryption)
  • Use of modern technology stack and Google services (e.g. Google Intrusion Detection, Web Application Firewall)
  • Separation of sensitive and less sensitive systems in the wealthAPI infrastructure

Organizational measures

  • Application of strict access management, sensitive data is only accessible to a few employees
  • Use of a strict role concept, reinforced by central authentication with Google Services
  • Formation of specialized teams and constant further training in topics such as GDPR
  • Implementation of peer reviews for all code changes as an element of quality assurance to rule out individual misconduct
  • Implementation of regulation by BaFin, e.g. as part of an annual audit process in which IT processes are also audited in a risk report

Our convictions


Security begins within
the organization

Even if a system has an excellent security architecture, it is ineffective if those who interact with it do not have the necessary qualifications


Organizational security
shapes IT security.

As soon as employees change departments or take on a new role, their access rights must also change. We do not have any historical access rights, only role profiles.


Security must be
following a design principle

Consideration of the security aspect is of crucial importance in service design. This is due to the difficulty of changing existing systems retrospectively.

People make mistakes, an early-warning mechanism helps

People make mistakes. It is therefore necessary to design systems in such a way that faults are detected at an early stage and their impact on safety is minimized.

Facts &


Market experience since 2014


BaFin and FMA regulated


Registered account information service in Germany (BaFin)


Authorized financial services provider in Austria (FMA)


3500+ bank connections


Direct API to comdirect, Trade Republic, Whitebox, Quirion, Scalable ...


Find out more?

Read the detailed thought leadership article by our CTO Wolfram Stacklies now (german only).

Read more (german only)