Our Security & Privacy Promise
We built Carefull to protect you and your loved ones. That means keeping your data private, safe, and secure is critical to everything we do.
Carefull is secure by default and private by design. We build every one of our services with strict data practices that ensure the safety of your data. We’re also committed to never selling your personal data.
Below, you can find some details about the safeguards built into our technology.
Carefull has completed a SOC 2 examination and is independently audited on its security practices.
Carefull is the first financial caregiving service to complete a SOC 2 examination. SOC 2 is an attestation rather than a certification: an independent auditor reports on an organization's controls against the AICPA Trust Services Criteria of security, availability, processing integrity, confidentiality, and privacy. The report itself states which of those criteria were in scope and the period it covers.
An independent CPA firm performed Carefull's SOC 2 examination and issued an unqualified (clean) opinion with no exceptions identified.
To request a copy of Carefull’s SOC 2 report, contact care@getcarefull.com.
User Verification
User identity verification ensures you’re really you.
Carefull requires you to verify your identity before you receive any financial notifications from your account. We also require strong passwords and two-factor authentication.
Trusted Contacts
Carefull’s innovative Trusted Contacts system makes financial caregiving secure and read-only.
For many of the 45 million Americans who act as financial caregivers, caregiving means scribbling passwords on sticky notes, calling the bank's customer service on behalf of mom or dad, and reading through another person's bank statements.
Until now these informal workarounds have been the only option, but they offer neither privacy nor security, and handing over full credentials can lead to theft or fraud. Carefull's Trusted Contacts system lets older adults share only the need-to-know pieces of financial information, without giving anyone else the ability to touch their money. Older adults keep their independence and security, while caregivers still get what they need to support the people they love.
Financial Privacy
An “arm’s length” partnership model ensures the privacy of your banking credentials.
We use Plaid, MX, and Finicity, three of the most trusted names in financial data access, to enable private, encrypted viewing of bank and credit card activity. When you connect an account, your credentials are never stored by Carefull: they pass through the aggregator to your bank or credit card provider, and it is the aggregator, not Carefull, that connects directly to your institution. The resulting access is view-only; Carefull cannot touch or move money in your accounts. You can revoke that access at any time, with a single click, by unlinking the account.
Data Protection
Tokenization provides an extra layer of protection to all sensitive data.
Carefull Vault, which stores important documents, passwords, and contacts, uses a proprietary aliasing system that removes sensitive data from our core systems and replaces it with a corresponding alias. The core systems hold only the alias, which reveals nothing about the underlying value, so your vault contents stay separate from your account data. Each object is encrypted with its own key using AES-256.
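To make the aliasing and per-object key design concrete, here is an added example of the pattern in Go. It is not Carefull's code (its aliasing system is proprietary and not published on this page); it is a hypothetical in-memory vault in which callers receive a random alias that is all the core systems keep, each value is encrypted with AES-256-GCM under a key generated for that object alone, and that key is itself wrapped under a master key (envelope encryption). The alias is also bound into both encryptions as associated data, so a vault record copied under a different alias will not decrypt. The names Vault, Tokenize, Detokenize, randBytes and the "vlt_" prefix are assumptions made for the example, as is the sample value in main.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// vaultRecord is one vault entry; the core database holds only the alias that indexes it.
type vaultRecord struct {
	wrappedKey []byte // this object's AES-256 key, encrypted under the master key
	ciphertext []byte // the object itself, encrypted under its own key
}

// Vault is a hypothetical stand-in for an aliasing (tokenization) service: callers get an
// opaque alias, the sensitive bytes live only in store, and each object has its own key.
type Vault struct {
	master []byte // 32-byte master key; in production it would live in a KMS or HSM
	store  map[string]vaultRecord
}

// NewVault accepts only a 32-byte key, so every cipher below is AES-256.
func NewVault(master []byte) (*Vault, error) {
	if len(master) != 32 {
		return nil, errors.New("master key must be 32 bytes (AES-256)")
	}
	return &Vault{master: master, store: make(map[string]vaultRecord)}, nil
}

// randBytes panics if the OS CSPRNG fails: there is no safe way to continue.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// gcmFor builds AES-GCM for a key that is already known to be 32 bytes.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // fails only on a bad key length
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// seal encrypts under key with a fresh random nonce prefixed to the output; aad is authenticated, not encrypted.
func seal(key, plaintext, aad []byte) []byte {
	gcm := gcmFor(key)
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal; any change to nonce, ciphertext or aad fails the GCM tag.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm := gcmFor(key)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// Tokenize stores plaintext and returns a random alias that carries no information about
// the value. The alias is bound into both encryptions as associated data (see open).
func (v *Vault) Tokenize(plaintext []byte) string {
	objKey := randBytes(32) // fresh AES-256 key used for this one object
	alias := "vlt_" + base64.RawURLEncoding.EncodeToString(randBytes(16))
	v.store[alias] = vaultRecord{
		wrappedKey: seal(v.master, objKey, []byte(alias)),
		ciphertext: seal(objKey, plaintext, []byte(alias)),
	}
	return alias
}

// Detokenize unwraps the object key with the master key, then decrypts the object.
func (v *Vault) Detokenize(alias string) ([]byte, error) {
	rec, ok := v.store[alias]
	if !ok {
		return nil, errors.New("unknown alias")
	}
	objKey, err := open(v.master, rec.wrappedKey, []byte(alias))
	if err != nil {
		return nil, err
	}
	return open(objKey, rec.ciphertext, []byte(alias))
}

func main() {
	v, _ := NewVault(randBytes(32))
	alias := v.Tokenize([]byte("constructed sample: a stored password")) // constructed input
	pt, _ := v.Detokenize(alias)
	fmt.Println("core systems keep only:", alias, "| vault returns:", string(pt))
}
```

The per-object key is what lets a master-key rotation re-wrap a few dozen bytes per record instead of re-encrypting every document, and it is why the store must be a separate database from the one holding account data: an attacker who reads the core database gets aliases, which resolve to nothing without the vault and its master key.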
Data Separation & Encryption
Strict data separation and encryption protect your and your loved one’s personal and financial information.
Carefull designed its data-handling systems from the outset to minimize risk by splitting customer data across multiple databases, each of which holds either personal data or financial transaction data, never both.
The two are joined programmatically only at runtime, to deliver a service to you. Data in transit is always encrypted: all web traffic is served over Transport Layer Security (TLS), and HTTP Strict Transport Security (HSTS) instructs browsers to use TLS for every subsequent connection to the site.
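As an added example of what "TLS with HSTS" means at the application edge (this is not Carefull's code, and its deployment is not described on this page), the Go handler below redirects plain-HTTP requests to https without serving any content and sets the Strict-Transport-Security header only on HTTPS responses, since RFC 6797 has clients ignore it over plain HTTP. CheckHSTS is the check a reviewer would run against a live header value. The names requireTLS, CheckHSTS, Probe and the host app.example.test are constructed for the example.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

// hstsValue is the policy sent on every HTTPS response: a one-year max-age plus
// includeSubDomains, the minimum a deployment check should insist on.
const hstsValue = "max-age=31536000; includeSubDomains"

// requireTLS wraps a handler so that plain-HTTP requests are redirected to https
// without serving content, and HTTPS responses carry the HSTS header. Behind a
// TLS-terminating load balancer r.TLS is nil; there, replace the r.TLS check with
// the proxy's trusted forwarded-proto header.
func requireTLS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS == nil {
			target := "https://" + r.Host + r.URL.RequestURI()
			http.Redirect(w, r, target, http.StatusMovedPermanently)
			return
		}
		w.Header().Set("Strict-Transport-Security", hstsValue)
		next.ServeHTTP(w, r)
	})
}

// CheckHSTS validates a Strict-Transport-Security value the way a deployment
// check would: max-age of at least one year and includeSubDomains present.
func CheckHSTS(value string) error {
	maxAge, subdomains := -1, false
	for _, d := range strings.Split(value, ";") {
		d = strings.TrimSpace(d)
		switch {
		case strings.HasPrefix(strings.ToLower(d), "max-age="):
			n, err := strconv.Atoi(strings.Trim(d[len("max-age="):], `"`))
			if err != nil || n < 0 {
				return fmt.Errorf("bad max-age directive %q", d)
			}
			maxAge = n
		case strings.EqualFold(d, "includeSubDomains"):
			subdomains = true
		}
	}
	if maxAge < 0 {
		return errors.New("max-age directive missing")
	}
	if maxAge < 31536000 {
		return fmt.Errorf("max-age %d is under one year", maxAge)
	}
	if !subdomains {
		return errors.New("includeSubDomains missing")
	}
	return nil
}

// Probe sends a constructed request through requireTLS and returns the status code,
// the Strict-Transport-Security header and the Location header for inspection.
func Probe(https bool, host, path string) (int, string, string) {
	app := requireTLS(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	req := httptest.NewRequest("GET", "http://"+host+path, nil)
	if https {
		req.TLS = &tls.ConnectionState{} // marks the request as received over TLS
	}
	rec := httptest.NewRecorder()
	app.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Strict-Transport-Security"), rec.Header().Get("Location")
}

func main() {
	for _, https := range []bool{false, true} {
		code, hsts, loc := Probe(https, "app.example.test", "/login?next=%2Fhome")
		fmt.Printf("https=%-5v status=%d hsts=%q location=%q\n", https, code, hsts, loc)
	}
}
```

The redirect branch deliberately serves nothing but a 301; a site that answers content over plain HTTP first and only then redirects has already exposed that response. Submitting a domain to the browser preload list additionally requires the `preload` directive, which CheckHSTS tolerates but does not demand.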
AWS
Carefull runs on serverless Amazon Web Services infrastructure to increase the security and stability of all of its databases.
Carefull is hosted entirely on Amazon Web Services (AWS), a cloud platform also used by the Department of Defense, NASA, and the Financial Industry Regulatory Authority (FINRA). Carefull user data is stored on private networks in at least three separate geographic locations and is not reachable from the public internet. For more specific details about AWS security, please refer to aws.amazon.com/security.
Credit Protection
Carefull partners with Iris and uses Equifax.
We use Iris and Equifax to provide an extra layer of protection to your Social Security Number (SSN) data. Carefull never stores your SSN alongside your account data.
Need Support?
Carefull's US-based customer support is available via chat, email, and phone to help with any technical, fraud-related, or scam-related issue.
Call 833-836-0050 for Carefull support or more information.
Mon–Fri: 9am–9pm EST · Sat & Sun: 12pm–6pm EST
Terms of service, privacy policy, disclosures, and details available at getcarefull.com. Separate enrollment and valid email address required.