Compliance Disclosures
SpendShift Secure Transaction Guidelines
Effective Date: Dec 21, 2024
SpendShift is committed to ensuring the security of every transaction you make through our platform. These guidelines provide an overview of the security measures we use and steps you can take to protect your account and transactions.
1. How SpendShift Secures Your Transactions
We use advanced technologies and best practices to safeguard your financial information during every transaction:
Encryption
In Transit: All transaction data is encrypted using SSL/TLS protocols to protect it during transmission.
At Rest: Your financial data is encrypted using AES-256, ensuring it is secure even when stored.
Fraud Detection Systems
We use machine learning algorithms to monitor transactions for suspicious patterns.
High-risk transactions are flagged for review to prevent unauthorized activity.
Two-Factor Authentication (2FA)
We encourage enabling 2FA to add an extra layer of protection for your account during transactions.
Secure Payment Gateways
SpendShift partners with industry-leading payment processors that comply with PCI DSS standards to ensure secure handling of payment information.
2. Steps You Can Take to Protect Your Transactions
Your security is a partnership. Follow these steps to protect your transactions:
Keep Your Account Secure
Use a strong, unique password for your SpendShift account.
Never share your login credentials with anyone.
Verify Transaction Details
Double-check transaction details, including amounts and recipient information, before confirming.
Be cautious of unusual or unexpected payment requests, even from known contacts.
Monitor Account Activity
Regularly review your account for unauthorized transactions.
Set up notifications in SpendShift to alert you of transactions and changes to your account.
Avoid Public Wi-Fi
Use a secure and private internet connection when making transactions. Public Wi-Fi networks may expose your data to unauthorized access.
Recognize Phishing Attempts
Be wary of emails or messages asking for personal or financial information.
SpendShift will never ask you for your password or sensitive information via email or text.
3. Best Practices for Online Transactions
Confirm Website Security
Ensure you are accessing SpendShift through our official website or app.
Look for "https://" and a lock icon in your browser's address bar to verify the connection is secure.
Keep Software Updated
Update your SpendShift app and device software regularly to protect against vulnerabilities.
Install antivirus software and ensure it is up-to-date.
Beware of Scams
Avoid clicking on suspicious links or downloading attachments from unknown sources.
If an offer seems too good to be true, it probably is. Verify its legitimacy before proceeding.
4. Handling Suspicious Transactions
If you suspect a transaction may be fraudulent or unauthorized:
Do Not Proceed: Cancel or decline the transaction immediately if possible.
Contact SpendShift Support:
Email: contact@spendshift.io
In-App Support: Use the Help section in the SpendShift app.
Notify Your Bank: If linked to your SpendShift account, inform your bank of any unauthorized charges.
Change Your Password: Update your account credentials to prevent further unauthorized access.
5. Transaction Disputes and Resolution
If you notice a discrepancy or unauthorized transaction, SpendShift offers support to resolve it:
File a Dispute: Use the in-app support feature or email contact@spendshift.io to report the issue.
Provide Details: Include the transaction ID, date, amount, and a description of the issue.
Investigation Timeline: We aim to resolve disputes within 10 business days.
6. Security Features Available in SpendShift
Take advantage of the tools we provide to enhance your security:
Real-Time Notifications: Receive instant alerts for account changes and transactions.
Transaction Locks: Temporarily pause transactions from specific accounts or savings goals.
Audit Trail: Access a detailed history of your account activity to spot unusual behavior.
7. Your Rights and Our Commitment
SpendShift is committed to protecting your transactions and financial information. If fraud occurs due to a breach on our platform, we will:
Cover any losses directly caused by our systems.
Assist you in recovering funds or resolving disputes.
Note: This protection does not cover losses resulting from customer negligence, such as sharing passwords or failing to secure devices.
8. Updates to These Guidelines
We may update these Secure Transaction Guidelines to reflect changes in technology, best practices, or regulatory requirements. Significant updates will be communicated via email or in-app notifications.
9. Contact Us
If you have questions or need assistance, please reach out:
Email: contact@spendshift.io
SpendShift Compliance and Certification Disclosure
Effective Date: Dec 21st, 2024
At SpendShift, we are dedicated to maintaining the highest standards of security, privacy, and regulatory compliance. This Compliance and Certification Disclosure outlines the frameworks, certifications, and regulations we adhere to, ensuring that your data and transactions are managed responsibly and securely.
1. Regulatory Compliance
SpendShift complies with all applicable federal and state laws governing financial and data security, including but not limited to:
Gramm-Leach-Bliley Act (GLBA)
Ensures the privacy and security of your personal financial information.
Mandates that we disclose how your information is collected, shared, and protected.
Payment Card Industry Data Security Standard (PCI DSS)
Complies with PCI DSS requirements to safeguard payment card data.
Implements encryption, secure storage, and access controls for all payment transactions.
State-Specific Regulations
Washington State Compliance: Fully licensed and compliant with the Uniform Money Services Act (Chapter 19.230 RCW) for money transmission activities.
Data Privacy Laws: Complies with applicable state-level privacy regulations, such as the California Consumer Privacy Act (CCPA) where applicable.
Financial Crimes Enforcement Network (FinCEN)
Registered as a Money Services Business (MSB) with FinCEN to comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements.
General Data Protection Regulation (GDPR) (If Applicable)
For users located in the European Economic Area (EEA), SpendShift follows GDPR principles to ensure your privacy rights are respected.
2. Certifications
SpendShift partners with industry leaders and adheres to rigorous standards to certify the security and reliability of our platform:
SOC 2 Type II Certification
Demonstrates our commitment to managing data securely and protecting the privacy of our customers.
Audited by an independent third party, verifying compliance with the Trust Service Criteria for security, availability, and confidentiality.
ISO/IEC 27001 Certification
Our systems are certified to meet ISO 27001 standards for information security management.
Ensures we maintain a comprehensive framework for identifying, managing, and mitigating risks to customer data.
PCI DSS Certification
Our payment systems meet PCI DSS requirements, ensuring secure handling of credit card transactions.
3. Privacy Compliance
SpendShift adheres to strict privacy laws and frameworks to ensure your personal data is handled responsibly:
Privacy Shield (if applicable)
For international data transfers, we comply with the Privacy Shield Frameworks (or equivalent agreements) to ensure adequate protection of your information.
Data Minimization
Collects only the data necessary to provide our services.
Implements robust data retention and deletion policies.
Transparency
Our Privacy Policy and Security Policy explain how we collect, use, and protect your information.
4. Anti-Money Laundering (AML) and Know Your Customer (KYC) Compliance
AML Program
Implements measures to detect and prevent money laundering, terrorist financing, and other financial crimes.
Includes transaction monitoring, suspicious activity reporting, and employee training.
KYC Procedures
Verifies customer identities during onboarding to ensure compliance with regulatory requirements.
Protects the platform from unauthorized or fraudulent activity.
5. External Audits and Assessments
SpendShift undergoes regular independent audits and assessments to verify compliance with regulatory and certification standards:
Annual SOC 2 Type II and PCI DSS audits.
Vulnerability and penetration testing conducted by certified cybersecurity firms.
Internal audits to assess adherence to policies and procedures.
6. Secure Data Hosting
SpendShift’s systems are hosted in secure, state-of-the-art data centers that comply with:
ISO 27001: Ensuring comprehensive information security management.
Tier III or Higher Data Center Standards: Guaranteeing high availability and resilience.
7. Customer Protections
SpendShift provides the following guarantees to protect our customers:
Fraud Protection Guarantee: Covers losses directly caused by breaches on our platform.
Secure Transactions: All transactions are encrypted and monitored for unauthorized activity.
Data Access Controls: Customer data is accessible only to authorized personnel under strict role-based access policies.
8. Reporting and Compliance
Incident Reporting
SpendShift complies with all regulatory requirements for incident reporting, including notifying affected customers within the required timeframes.
Transparency in Communication
Provides timely and detailed updates regarding security and compliance changes affecting our services.
Regulatory Partnerships
Works closely with regulatory bodies and financial institutions to stay ahead of compliance requirements.
9. Updates to This Disclosure
SpendShift regularly updates its policies and practices to reflect changes in regulations, technology, or our services. We will notify you of significant updates to this Compliance and Certification Disclosure via email or app notifications.
10. Contact Us
For questions about our compliance and certifications or to request more information, contact us at:
Email: contact@spendshift.io