Your security is our priority
We understand that connecting your brokerage accounts requires trust. Tendrill is built from the ground up with security and privacy as core principles. Here’s how we protect your financial data.Bank-level security. Tendrill uses the same security infrastructure trusted by Venmo, Coinbase, and thousands of financial applications.
Plaid: The foundation of secure connections
Tendrill uses Plaid to connect to your brokerage accounts. Plaid is the industry standard for secure financial data connections.What is Plaid?
Plaid is a financial technology company that securely connects your bank and brokerage accounts to apps. They’ve been trusted with:- Over 100 million consumer accounts connected
- 12,000+ financial institutions supported
- 8,000+ apps and services powered
SOC 2 Type II Certified
Regular third-party audits verify security controls
256-bit Encryption
All data encrypted in transit and at rest
Bank-grade Infrastructure
Same security standards as major financial institutions
Regulatory Compliance
GDPR, CCPA, and financial privacy compliant
How the security works
Credential protection
When you connect your brokerage:You authenticate directly with your brokerage
You enter your credentials into Plaid’s secure interface - not Tendrill
Plaid verifies and establishes connection
Plaid communicates directly with your brokerage using encrypted channels
Tendrill NEVER sees your login credentials
All data encrypted in transit (TLS 1.2+)
All data encrypted at rest (AES-256)
Read-only access
Tendrill has read-only access to your accounts. This means:| We CAN | We CANNOT |
|---|---|
| ✅ See your holdings and positions | ❌ Execute trades |
| ✅ See your account balances | ❌ Transfer money |
| ✅ See your transaction history | ❌ Change account settings |
| ✅ See cost basis (when available) | ❌ Access other accounts |
Data encryption
In transit
All data moving between systems is encrypted:- TLS 1.2+ encryption for all connections
- Certificate pinning to prevent man-in-the-middle attacks
- Secure WebSocket connections for real-time data
At rest
All stored data is encrypted:- AES-256 encryption (military grade)
- Key management through secure cloud providers
- Regular rotation of encryption keys
Infrastructure security
Tendrill’s infrastructure follows industry best practices:Cloud security
Cloud security
- Hosted on major cloud providers (AWS/GCP) with enterprise security
- SOC 2 compliant infrastructure
- Regular security audits and penetration testing
- DDoS protection and WAF (Web Application Firewall)
Access controls
Access controls
- Strict role-based access for employees
- Multi-factor authentication required internally
- Activity logging and monitoring
- Principle of least privilege
Monitoring
Monitoring
- 24/7 security monitoring
- Automated threat detection
- Incident response procedures
- Regular security updates
What data we store
Tendrill stores the minimum data necessary to provide the service:| Data | Stored? | Purpose |
|---|---|---|
| Phone number | Yes | Your account identity and message delivery |
| Holdings data | Yes | Portfolio monitoring and insights |
| Conversation history | Yes | Context for follow-up questions |
| Brokerage credentials | No | Never stored - handled only by Plaid |
| Account numbers | No | Not needed for our service |
| Social Security Number | No | Never requested or accessed |
Your rights and controls
You’re always in control of your data:Disconnect anytime
Remove brokerage connections instantly
Delete your data
Request complete data deletion
View connected apps
See all apps using your data via Plaid
Export your data
Request a copy of your data
Third-party security validation
Our security practices are validated by:- Plaid’s security requirements - We must meet their standards to use their service
- Cloud provider certifications - AWS/GCP security certifications
- Regular penetration testing - Third-party security assessments
- Bug bounty program - Security researchers help identify vulnerabilities
FAQ
Has Tendrill ever been hacked?
Has Tendrill ever been hacked?
No. We have never experienced a security breach. We maintain rigorous security practices and continuously invest in protecting your data.
Is my data sold to third parties?
Is my data sold to third parties?
Absolutely not. We never sell, share, or monetize your financial data. See our Zero Data Retention Policy.
What if Plaid is compromised?
What if Plaid is compromised?
Plaid has never experienced a breach of user data. They employ industry-leading security practices and are regularly audited. In the unlikely event of any security incident, we would notify affected users immediately.
Can Tendrill employees see my portfolio?
Can Tendrill employees see my portfolio?
Access to user data is strictly limited. Only essential personnel have access for support purposes, and all access is logged and audited.
Reporting security concerns
If you discover a potential security vulnerability:Report a security issue
Contact security@tendrill.ai - we take all reports seriously