At Slash, we take security extremely seriously.
Here’s a breakdown of how we do that:
- All bank connections are managed through Plaid, an API used by Coinbase, Robinhood, Truebill, and Venmo. Plaid uses 256-bit bank-grade SSL encryption, and does not under any circumstance relay your login credentials to us or any of their clients.
- When we perform identity checks, the information you provide us is encrypted both in transit and at rest:
- We use an API called VGS to store sensitive information. VGS is used by companies such as Brex and is backed by Visa. In essence, VGS allows us to substitute non-sensitive aliases (a form of synthetic data) in place of original values. Read more about VGS here.
- While in transit, all data is encrypted with TLS/SSL.
- For the non-sensitive personal identifiable information that is actually stored in our database (name and email), we use the AES-256 protocol for encryption-at-rest, and rotate the keys that could be used to read the data stored in our DB very frequently.
Important note: your SSN never touches our servers, it is only relayed to our KYC provider (Persona) and then stored in a secure vault managed by VGS.
Why do we collect your SSN in the first place? Because by creating a Slash account, you are opening a bank account with us through our partner bank. This means we are required by the Financial Industry Regulatory Authority (FINRA) — specifically rule 2090 — to verify your identity. We do this with the help of our KYC partner Persona, who cross-references the information you provide us with national databases to verify its validity. Persona is multi-billion dollar company used by the world's leading fintech companies.
For more in depth information, contact our CTO Kevin Bai at kevin@joinslash.com.