Bundle Security Policy

The security of your financial information is critically important to Bundle. That's why we've built our site and infrastructure to the high standards used by banks and other financial institutions. These high standards have been an integral part of Bundle's design since the beginning, and they extend to the information we collect, to the ways we store and transmit your data, and even to the employees we hire.

These are a few of the measures we've taken to keep your information safe:

Encryption: Bundle encrypts all personal financial data with a minimum of 128-bit Secure Socket Layer encryption (SSL) when it is being sent to your computer. You'll notice the padlock icon at the bottom of your browser window whenever you are on a page that contains this type of information. Our site is also equipped with a VeriSign Extended Validation SSL Certificate. This will show in most newer browsers as a green address bar and a confirmation that you're on Bundle.com. The padlock icon, along with this bar, indicates that what you see has been encrypted.

What we store: Bundle doesn't collect the type of information that identity thieves usually look for. We never ask for your full name, account numbers, social security number, home address, or other identifying information.

Where we keep it: Financial data is stored on our servers in Bundle's secure data center. We have specified and maintain strict, bank-level guidelines for security and physical access to our servers. This includes housing servers in a locked cage with 24-hour surveillance and access-control personnel. Our data center is compliant with the tough SAS 70 standards for the financial industry.

Protection against phishing: The Bundle site is designed with many behind-the-scenes features that make it harder for identity thieves to spoof our site. We won't disclose what these are, but they make it harder for someone to trick you into giving out your personal info.

Counter-hacking tactics: Bundle has also hired professional security experts to try to hack into our site. We have them employ the scores of techniques a hacker might use and harden Bundle to these attacks. We have also made it difficult for hackers to interrupt the Bundle service through brute force tactics or other automated attacks.

We don't trust just anybody: Bundle conducts extensive background checks on all employees. Bundle employees do not have access to your bank usernames or passwords. Only a few trusted Bundle employees have access to the servers where your other financial information is stored, and even then all access is logged and monitored regularly.

You can't move money with Bundle: Bundle gives you tools and access to view and analyze your spending across accounts, but no money can be moved in or out of your bank, brokerage, or credit card accounts.

Some things you can do to help safeguard your information:

Always keep your computer's antivirus software up to date.

Never send Bundle a regular email with financial account details. We have a special form for reporting issues so you can submit a question while logged in and we'll tie it to your account in our system.

Consider changing your Bundle and financial institution passwords once or twice a year.

Don't use the same password for all of your website accounts.

Look for the SSL padlock icon on your web browser whenever you are entering sensitive information. This indicates that the page is encrypted.