How We Protect Your Data
We’ve implemented systematic processes and procedures for securing and storing user data.
We use strong browser encryption, store all of our data on servers in a secure facility, and implement systematic processes and procedures to protect it.
Safeguards to guard against unauthorized activity.
We are committed to protecting your account from fraud. If you see any unauthorized activity in your account, report it immediately. We'll work with you to address any issues that result from unauthorized use of your Betterment account.
Respect for your personal data and information.
We understand that personal safety on the Internet is more important now than ever, especially when it comes to managing your investments online. To help keep your investments safe, we have a dedicated security team of experts who think about things like passwords and encryption. Here are just a few of the ways that we work to help keep your information safe.
When threat actors hack into a website, passwords are usually the first thing they target.
We encourage users to use strong and unique passwords that are not shared anywhere else. We protect user passwords in a variety of ways, storing them in a format called a “bcrypt hash.” This is a method for protecting your password in our systems.
We also offer app-specific passwords, providing read-only access to third-party services. These special passwords mean third parties (e.g., tax preparation software) can only be used to read customer information, but not change it. If an attacker were to get this password, they would not be able to withdraw any money or make any account changes.
Two-factor authentication strengthens the security of your account.
Typically when you log in to a website, you just need your password. Your password is acting as the first factor in place in order to access your account. With two-factor authentication, you will use your password, and also enter a one-time code from a mobile authenticator application or from a text message or voice call in order to finish logging in. The code is now the second factor in place for account access.
Two-factor authentication strengthens the security of your account. Even if an attacker knows your password, they still would not be able to log in unless they also had access to the device where you receive the one-time code. While this adds little friction for legitimate customers, it frustrates attackers. We’ll even remember which devices you’ve logged in with in the past, so that you don’t have to keep entering codes when you log in repeatedly with the same device.
Limited Data Access
Employees only have access to customer account information when it is needed for their job (this is called the principle of “least privilege”).This ensures any internal or external threats are minimized.
Encryption is a control that can help to protect the confidentiality of data. We use several types of encryption (when data is in transit, and when we store it); the specific encryption mechanisms vary, depending on the type of data and where we process it. The information we encrypt includes your financial information, such as bank account and tax identification numbers, to your personal information, like Social Security number and secret questions.
Even before you log in to your account, the connection between your web browser and Betterment has been encrypted using Transport Layer Security (TLS). TLS helps to ensure privacy for all communications between your computer and our servers. Because of TLS, you can feel confident that any information sent between you and us is kept private as it makes its way through the internet.
We also use encryption when storing your personal information. The information we encrypt includes your financial information, such as bank account and tax identification numbers, to your personal information, like Social Security number and secret questions.
Our dedicated security team is always working for you.
We have a dedicated in-house security team that works full-time to keep you safe.
The team regularly reviews new code to minimize the potential for security issues, monitors our various tools and systems, and stays on top of industry trends and events. Keeping your account safe is our top priority, and we hope that gives you peace of mind.
If you receive an email from Betterment that you believe may be fraudulent, please forward the message to our Fraud Prevention Team: email@example.com. To report potential security vulnerabilities, please email: firstname.lastname@example.org. For any other customer support, please contact our support team.
How Our Systems Work
We’re Doing Our Part to Protect Your Account
Betterment has implemented a number of safeguards to help protect your account. These include:
We conduct thorough identity verification checks for all new customers to confirm that the information provided is accurate, not suspicious, and not on any government watch lists.
We monitor transactions on an automated and manual basis to detect potentially fraudulent and suspicious behavior on our customer accounts.
If you are logged in and inactive for an extended period of time, we’ll automatically log you out of your account to protect you from unauthorized user access.
Contact Information Safeguards
Additional security mechanisms are in place to help protect you from unauthorized changes to your account information.
Account Ownership Verification
We verify that you have proper access to any synced external accounts, to help ensure that you have linked the correct outside account to your Betterment account.
System Outage Protection
If there were ever a system outage, we have processes in place to help keep your financial account data safe and secure.
When accessing your Betterment account from a mobile device you can choose to use the biometric authentication mechanism (such as a thumbprint or facial recognition) provided by your mobile device for access.
How you help protect your account
When conducting personal financial business online or on your mobile device, you are also responsible for helping to keep your personal account secure. We recommend taking certain precautions to help protect your account. Visit our article on security tips.
Betterment values the disclosure of security vulnerabilities and will seek a coordinated approach to remediate any vulnerabilities disclosed responsibly.
Betterment operates a variety of information systems which we are responsible for safeguarding and where we welcome responsible disclosure reports. These systems include but are not limited to:
To disclose a security issue affecting Betterment or our customers, please email us at email@example.com. In your email, please include:
- Your name
- How we can contact you
- Information to help identify the asset where you have identified a vulnerability
- A description of the issue
- The steps to reproduce the issue
We will review and confirm any vulnerability reports and respond back to you in a timely manner. We may ask for additional information.
While performing research to confirm a security vulnerability, please do not take any action that might harm Betterment, our employees, or our customers. Activities that are specifically prohibited include:
- Any vulnerability testing that would cause a service outage (including denial of service, distributed denial of service, or other resource exhaustion attacks)
- Any interaction with employees or customers (including but not limited to phishing or social engineering)
- Intentionally accessing, processing, or transmitting confidential information, including personally-identifiable customer information
- Exploiting vulnerabilities except for purposes of demonstration to Betterment personnel