🔒 Your Privacy is Sacred

Bank-level security,
family-level care.

We use 256-bit encryption, SOC 2 Type II compliance, and keep your data on US servers. Your financial data is never sold to third parties. We built Patchly with privacy as a foundational value, not an afterthought.

🛡️ How We Protect You

Built on trust, engineered for safety

We don't just say we're secure; we prove it with industry-standard certifications and transparent practices.

256-bit AES Encryption

Every piece of data stored on Patchly is encrypted using the highest standard in the industry, AES-256. Whether it's your bank login or your kid's savings goal, it's locked tight.

Read-Only Bank Connections

We connect to your bank via Plaid using read-only access. We never initiate transfers or move money, ever. You remain in control of your funds at all times.

SOC 2 Type II Certified

We are SOC 2 Type II certified. This means we meet strict standards for security, availability, and confidentiality. Your data is safe in our hands.

COPPA Compliance

Our "KidCoins" accounts are fully compliant with the Children's Online Privacy Protection Rule (COPPA). We collect no personal data from children under 13 without explicit parental consent.

2FA & Biometrics

Protect your account with Two-Factor Authentication (2FA) and biometric login (FaceID/TouchID) on supported devices. It's an extra layer of security you can enable in seconds.

US-Based Data Residency

Your data lives on secure, US-based servers. We never rent out your data to third-party advertisers or data brokers, ensuring your financial life stays yours.

Bug Bounty Program

We believe in transparency. Our vulnerability disclosure program allows security researchers to find and report bugs safely. We reward honest findings to keep our system strong.

Privacy Policy & Summary

Read our full Privacy Policy. We use cookies only for essential functionality and never track you without your permission.

🤔 Security Questions

Frequently asked questions

We know you have questions about safety. Here are the answers.

  • Yes. Patchly is COPPA-compliant, meaning we adhere to strict privacy standards for children under 13. We do not collect personal information from minors without explicit parental consent, and we keep their financial data segregated from adult accounts.

  • SOC 2 (System and Organization Controls) is an independent audit that verifies Patchly has adequate security controls to protect your data. Type II specifically looks at the effectiveness of those controls over time, giving you confidence that we are consistently secure.

  • Absolutely. You have the right to your data. You can export all your transaction history and account settings at any time, or request a full account deletion from your settings menu. We will wipe your data permanently upon request.

  • We use Stripe for processing payments. Your credit card information is tokenized and never stored on our servers. Patchly never sees your full card number; Stripe handles the transaction securely.