Site security

1. Site Security

Optimly takes security very seriously and are fully committed to protecting our clients’ personal information. We use industry-standard secure sockets layer (SSL) 256-bit encryption technology to ensure that all your personal and transactional information is encrypted before transmission. The information you supply is encrypted and cannot be read by anyone else.

Our website is protected by a digital certificate to ensure any data you share with us is secure. When you enter a protected area, a small padlock will be displayed on the screen to indicate that you have a secure connection with us.


2. Technology partner security

We have chosen Moneyhub as our technology partner to enable you to connect your bank accounts. Moneyhub enable this using Open Banking, a series of reforms that means all UK-regulated banks will have to let their customers share their financial data such as spending habits, regular payments and companies they use with authorised providers offering budgeting apps, or other banks via an Application Programming Interface (API) – as long as they give their permission.

Customers can only safely share their financial information with people who are Financial Conduct Authority regulated. Moneyhub Financial Technology is a registered AISP (Account Information Service Provider) and PISP (Payment Initiation Service Provider), reference no. 809360.

Moneyhub have certified ISO-27001 information security procedures. This is the same certification used by Google, Microsoft and Amazon. It is an internationally recognised standard that sets out the requirements for firms in establishing and maintaining a robust information security management system. It also provides assurance that a business with this accreditation has implemented processes and controls that are secure and have been through rigorous audits and assessments. The certification demonstrates that we as a company have adopted a proactive rather than reactive approach to managing our consumer’s data security.

This means we adopt the following processes:
  • A specialist Financial Service compliance team check our processes on a monthly basis.
  • A comprehensive risk tracker maps information asset risks back to a series of internal controls.
  • The principle of least privilege is applied throughout the organisation. This is the limiting of access to the minimal level that will allow normal functioning. Staff have the lowest level of user rights that they can possibly have to be able to still perform their roles.

3. Security of Optimly Exchange partners

Where possible we’ve partnered with sites that are the same level of security as Optimly however if you access a third-party site using links from our website, we recommend that you check their security policy when you visit as we cannot take responsibility for the privacy policies and practices of other websites.