Yodlee’s commitment to its clients and their customers
The Yodlee Platform powers digital financial services such as personal financial management, business financial solutions, and wealth management. More than 1000 companies (financial institutions and Internet innovators) today offer Yodlee-powered solutions to millions of consumers worldwide. Yodlee works with all of its Clients to power their online applications by offering a centralized and secure means for their customers to manage their finances.
Yodlee also offers data analytics and market research services. These services make use of de-identified data derived from the massive and dynamic set of transaction-level data about its Clients’ customers who have permitted their institution to share data with Yodlee.
Clients using the Yodlee Platform are required to have obtained permission from their customers to collect, use, transmit, and store their customers’ financial information with Yodlee. This information often includes data such as bank account numbers, portfolio holdings, credit card data, transactions, and outstanding debts and bills. Yodlee uses commercially available security procedures and technologies, including hardware and software data encryption techniques and multi-layer network security measures, to protect the customer’s confidential information.
Regardless of the solution, it is the Yodlee Client’s terms of service and privacy notice that define the legal relationship with their customers. These requirements are further defined in the agreements that Yodlee has with each Client that is offering services to their customers. It is important to know that Yodlee is committed to maintaining security, privacy, risk management, and compliance postures that support the needs of Yodlee’s Clients and their customers, in addition to the regulations and standards applicable to Yodlee’s global operations. Accordingly, Yodlee makes the following commitments:
Yodlee Protects User Data
Yodlee maintains a “bank grade” security program. Independent security auditors regularly audit the Yodlee security architecture and programs. In addition, Clients assess the Yodlee security posture before deployment and then annually. Many of Yodlee’s financial institution Clients conduct their own comprehensive audits. Yodlee practices are also periodically audited by federal regulatory agencies with supervisory authority over financial institutions, including the Office of the Comptroller of the Currency (“OCC”).
Yodlee Complies with Regulations and Standards
As a global organization engaged in the financial services market, Yodlee must comply with regulations and standards related to security, privacy, and operational risk. The Yodlee security program is aligned with and assessed against the ISO27002 Information Security Management Standard, PCI-DSS 3.0 Payment Card Security Standard, the US FFIEC IT Examination, and various privacy regulations such as the US GLBA and the EU Data Protection Act. Yodlee provides the results of these assessments to its Clients to assure that Yodlee is meeting their expectations.
Yodlee Protects User Identity
Protecting the personal information of individuals who use Yodlee products and services provided by their financial institutions and other entities is Yodlee’s top priority. Yodlee does not typically receive any information about users from Clients that is considered personally identifiable information (“PII”) under applicable laws and regulations. Yodlee nevertheless handles all individuals’ data that it receives so as to minimize the potential exposure of any personally identifiable information. This means that data utilized in Yodlee analytics and market research data sets do not contain individually identifiable information. Yodlee’s transaction-level scrubbing is reviewed through internal audits and is checked by leading third-party security and privacy experts.
Yodlee Security Office
Yodlee’s Security Office focuses on three main areas of security:
- Information Security
- Network Security
- Application Security