Skip to main content

Portfolio Data Security

Your financial data security is our top priority. Here’s how we protect your portfolio information.

How We Handle Your Data

Brokerage Connections

When you connect a brokerage:
  • Credentials are never stored - We don’t save your brokerage password
  • Plaid handles authentication - Industry-leading secure aggregator
  • Read-only access - We can only view holdings, never make trades
  • Encrypted connections - All data transmitted securely

What Plaid Does

Plaid is the secure service that connects your brokerage to Rallies:
  • Used by thousands of financial apps
  • Bank-level security
  • SOC 2 Type II certified
  • Never shares your credentials with us

Data Encryption

All portfolio data is encrypted:
LayerEncryption
In transitTLS 1.3
At restAES-256
BackupsAES-256
This means your data is protected both when it’s moving between your device and our servers, and when it’s stored.

What We Can See

After you connect your brokerage, we can see:
  • ✓ Stock/ETF/fund holdings
  • ✓ Number of shares
  • ✓ Current market value
  • ✓ Cost basis (if your brokerage provides it)
  • ✓ Recent transactions

What We Cannot Do

Rallies cannot:
  • ✗ Make trades in your account
  • ✗ Transfer money
  • ✗ See accounts you haven’t connected
  • ✗ Access your brokerage password
  • ✗ Share your data with third parties (without consent)

Manual vs. Connected Portfolios

Manual EntryBrokerage Connection
DataYou enter holdingsSynced automatically
SecurityNo credentials neededSecure via Plaid
UpdatesManualAutomatic
RiskNoneMinimal (read-only)
If you’re concerned about connecting your brokerage, manual entry is always available.

Your Control Over Data

You can:

Disconnect Anytime

  1. Go to Portfolio → Connected Accounts
  2. Click “Disconnect”
  3. Connection is removed immediately
  4. Historical data can be kept or deleted

Delete Your Data

  1. Go to Settings → Privacy
  2. Click “Delete Portfolio Data”
  3. All portfolio information is removed

Download Your Data

  1. Go to Settings → Privacy → Download Data
  2. Receive a copy of all your portfolio data
  3. Learn more →

Our Security Practices

Infrastructure

  • Hosted on secure cloud infrastructure
  • Regular security audits
  • Penetration testing
  • 24/7 monitoring

Access Controls

  • Employee access is strictly limited
  • Multi-factor authentication required
  • Activity logging and monitoring
  • Background checks for team members

Compliance

  • GDPR compliant
  • CCPA compliant
  • SOC 2 practices

Incident Response

If a security incident occurs:
  1. Immediate containment - Stop the breach
  2. Investigation - Determine scope and impact
  3. Notification - Inform affected users promptly
  4. Remediation - Fix vulnerabilities
  5. Review - Prevent future incidents

Questions About Security?

Contact us at [email protected] for security-related questions. For general support, contact our team →.