Frequently Asked Questions

 

Security

Ripsaw® supports two-step authentication via email which can be enabled in your profile’s security settings.

With strong partnerships for account data aggregation and connections and to keep your credentials safe, we use Envestnet | Yodlee who maintains bank level security and is audited like a bank. The credentials stored are hardware encrypted using FIPS 140-2 level 2 HSM and the keys used for encryption cannot be accessed by anyone, including Envestnet | Yodlee employees.

Only Ripsaw staff has access to a subset  of your data (Data for manual accounts and user profiles which is stored in AWS) which does not include Credit Cards or account credentials for diagnostic purposes. See “How do we assure our users that their credentials are safe?” for how connect account credentials are managed. We do not sell any data to third parties.

Credit card payments for your Ripsaw subscription are processed through Stripe, an industry leading payments processing platform. We do not hold any credit card information.

We employ encryption, through AWS key management system of your data through AWS security. AWS KMS is a managed service that enables you to easily encrypt your data. AWS KMS provides a highly available key storage, management, and auditing solution for you to encrypt data within your own applications and control the encryption of stored data across AWS services.

We do not store any passwords in plain text. All passwords are encrypted in our database. This makes it impossible for nefarious use of your password in the case of a breach.

Our connections through our partners to your accounts are all read-only. Meaning in no circumstance can anyone touch your money. In the event that your Ripsaw account is ever compromised, our application design ensures that you are still safe. All account numbers are obfuscated. There is no way to move your money to or from any accounts you link to our platform. Neither can anyone else. After linking your accounts, your credentials are stored at Envestnet | Yodlee and are only ever sent directly to your financial institution. Ripsaw never sends your credentials to anyone besides Envestnet | Yodlee directly. Ripsaw never records the credentials anywhere.

Ripsaw® uses Amazon Web Services (AWS) for our Software as a Service (SaaS) subscription platform. With the industry’s best technology and security, AWS allows us to keep all data secure and quickly scale our resources as needed.