Data Privacy

Secure data transmission: All communication between your device, your servers, and Anchor is encrypted over HTTPS. More specifically, our HTTPS configuration exclusively uses Transport Layer Security (TLS) v1.2 and up with forward secrecy.
We send HSTS headers to instruct web browsers that Anchor and all of our subdomains are only accessible over HTTPS. Also most major browsers have Anchor preloaded as an HTTPS-only site.
When you load a page in your browser, or upload something to Anchor, all that information is encrypted while it’s moving over the internet. We lock up your data with up to 256-bit TLS encryption, the strength of protection you get with online banking and shopping. We also support a wide variety of cyphers — another kind of code — for our communications, to ensure the highest level of encryption possible, based on your browser.
Tokenization: Anchor doesn’t store credit card or bank account numbers, ever. Credit card and bank account information is sent directly from the app or browser to our payments processor, Stripe, and Anchor receives a secure token back. This token is a code that authorizes Anchor to complete the activity securely and efficiently, without storing or exposing your credit card information.
Passwords / secrets: We only store user passwords that are first hashed using Argon2. Your password is never stored in our database in an unencrypted, or decryptable, format. You are responsible for choosing a strong password and keeping it secret.
When we need to store secrets or API keys on your behalf then they will be stored in an encrypted form using AES 256. The encrypted credentials are only accessible by internal services that need those credentials to function.
Two-factor authentication: We support two-factor authentication to protect your Anchor account in case your password is ever compromised. Two-factor authentication adds an extra layer of security to your Anchor account by requiring you to enter a verification code from your mobile device each time you login. It's strongly recommended that you enable this feature.
Secure data storage: All of your data is stored on US onshore servers that have strict physical access protocols, meaning there are rules in place limiting access to only the people who need it to do their jobs. The facilities are controlled with 24/7 monitoring, and the technology is digitally protected.
Employee access: We will only access your account to respond to support requests, and seek your consent before proceeding. The exception is if there is suspected abuse or an urgent security reason.
When working on a support issue we do our best to access the least amount of data needed to resolve your issue.
Transparency: We’re not asking you to just take our word for it that we keep your data secure. We want you to understand exactly how it’s done. That’s why we’ve written, a very clear and understandable privacy policy.
Mobile Security
Passwords are encrypted when they’re collected, when they’re sent to our servers, and we never store them without encrypting them first. In fact, all communications between our apps and our servers are encrypted using Transport Layer Security (TLS) — the replacement for Secure Sockets Layer (SSL) — the highest level of security protocols available. Beyond that, we don't store any sensitive information, such as credit card numbers, on the device ever.
Fraud Prevention
We’ve built an internal risk system that uses a wide variety of tools and insights to protect you and your customers from fraud. We’ve integrated several third-party security and anti-fraud service providers to create a layered approach to risk detection, for the highest level of protection. And our team of risk analysts monitor high risk and out-of-pattern behavior to keep our platform safe.
We’ve got your back when it comes to chargebacks. Our team is trained to coach you in best business practices to make sure you’re collecting the right information up front to protect your business from chargebacks. In the event that you do receive a chargeback (it happens!) our experts have the experience necessary to build your best case.
Bank Access Security
Read-only security: The connection Anchor makes with your financial institutions to import transactions is read-only.
Password protection: Anchor does not keep any password to any of the third party integrations, bank accounts, credit cards or tools a customer is using through the product.
________________________________________
Do you have additional questions about the security of Anchor? Please contact us. We’d be happy to tell you more about the many steps we take to ensure the security of your sensitive information.

Download the latest table of information in a PDF