BenefitsFront
Security & Compliance

Bank-level security. Full stop.

Your financial data is protected by the same standards used by the world's leading banks and financial institutions.

SOC 2 Type II
PCI DSS Level 1
FDIC Partner
CCPA Compliant
GLBA Compliant
ISO 27001

Our Security Architecture

256-bit TLS Encryption

All data in transit is encrypted using TLS 1.3 with AES-256 cipher suites. Data at rest is encrypted using AES-256 with FIPS 140-2 validated modules.

SOC 2 Type II Certified

Independently audited by a Big 4 firm annually. Our SOC 2 Type II report covers Security, Availability, Processing Integrity, and Confidentiality trust service criteria.

Multi-Region Infrastructure

Data centers in US-East (Virginia) and US-West (Oregon) with active-active failover. 99.99% uptime SLA. Zero planned maintenance windows.

Penetration Tested Quarterly

Independent penetration testing by certified ethical hackers every quarter. Vulnerability management program with SLAs for critical (24hr), high (72hr), medium (30d) findings.

FDIC-Insured Advances

Advances originated by Meridian Bank, N.A., a federally chartered bank and Member FDIC. Deposits insured up to $250,000 per depositor.

Fraud Detection & Monitoring

24/7 automated fraud detection powered by machine learning. Real-time transaction monitoring with instant alerts and account freeze capability.

Data Practices

What data do you collect?

We collect identity verification data, employment information, payroll account credentials (via Plaid — we never see your login), and transaction data necessary to service your advance.

Do you sell my data?

No. We never sell, rent, or share your personal data with third parties for marketing purposes. Data is shared only with our bank partner (Meridian Bank) as required to originate and service advances.

How long do you retain my data?

Account data is retained for 7 years following account closure, as required by federal banking regulations. You can request deletion of non-essential data at any time.

Can I export my data?

Yes. California residents have CCPA rights and all users can request a complete export of their personal data within 30 days of request.

Found a vulnerability?

We take security reports seriously. Please email our security team and we'll respond within 24 hours.

contact@benefitsfront.com