From the very first page, the complete application has 128-bit SSL encryption. This means that all information that goes between your internet browser (e.g. pages, images etc) can only be read by the server or your computer - even in the case that someone else is ‘listening in’ to the connection they will not be able to read any of the information that is being transferred - they just get scrambled garbage.
The OFX and CSV features are completely safe, with no personally identifiable information ever read or stored. When you upload your transactions into PocketSmith, the only information that is read and processed are your individual transactions; all other information is discarded from the system.
Please have a read of the comprehensive article on the PocketSmith Wiki about our bank feeds service, how it works, and how secure it is. Our bank feed service is "read-only", which means that you cannot move funds between - or out of - any of your accounts using PocketSmith.
We do not ask you to provide us with anything that may reveal who you are, the only detail that we require is your email address so that we can verify that you are not a ‘robot’ creating fake accounts, and for us to get in touch with you on a periodical basis.
Your password is not stored as ‘clear-text’ in the database. To verify your password, there are two separate encrypted keys that are combined to verify that the entered password is correct. This means that nobody can retrieve your password.
If you have questions, comments, concerns or feedback regarding security of the application, please send an email to firstname.lastname@example.org
Updated May 5, 2015