Safe and Secure

Safe and Secure

Our highest priority is keeping your financial data safe and secure. We use multiple layers of security, in every component of our systems, to keep your accounts and your money safe, and your information private.


Protecting Your Data

All sensitive information is protected at rest and in transit

Data is encrypted with AES-256 with multi-layer key management, including rotating user-specific keys and salts.


Strict internal access controls - no individual at Personal Capital can ever access your credentials.

Strong Encryption

Our website's encryption is rated A by the world-renowned Qualys SSL Labs, a stronger rating than most major banks or brokerages. We stay on top of security vulnerabilities and keep up-to-date with best practices, such as:

Our servers prefer TLS 1.2, and also support TLS 1.1 and TLS 1.0

We don't allow SSLv3, RC4, or other insecure protocols or ciphers

We use ECDHE key exchange for Perfect Forward Secrecy

Fraud Detection Using Personal Capital

After linking your accounts to Personal Capital, you can use our Transactions page to look at all transactions across all accounts.


Our opt-in Daily Transaction Monitor email sends a daily list of new transactions, making it easy and fast to check for suspicious activity in your accounts.

Robust Authentication

Maintain your security. Protecting your username and password are just the start.

You must first authenticate each device that accesses your account. Before your can access your account on any new device, you'll receive an automated phone call, email, or SMS asking to confirm your identity.

Extra mobile protection on iPhone with Touch ID authentication, and mobile-only PINs on iOS and Android.

Partnering With The Industry Leader To Keep Your Credentials Safe

Benefit from our partnership with Yodlee, a financial technology industry veteran, to facilitate aggregation of your accounts. With over a decade of experience connecting with financial institutions, Yodlee provides an added layer of safety between your data and anyone who would want to access your account information. Your bank and brokerage credentials are only stored at Yodlee, not in Personal Capital's database.

Your credentials are safer in Yodlee's data center than they are in your browser!

Don't Just Take
Our Word For It

Be confident, we perform regular 3rd party security audits and test to verify whether the integrity of our systems:

WhiteHat Security performs around-the-clock security testing on our site

Our iOS apps have passed the rigorous AppSecure certification process by NowSecure

Personal Capital operates under SEC (Securities and Exchange Commission) jurisdiction and is audited for compliance with SEC cybersecurity regulations

We also use Verisign and other state-of-the-art security solutions and practices to protect our site

Internet Security Pioneers

Rest assured, when it comes to online security, there's not much we haven't seen. The entire staff at Personal Capital understands the challenges of Internet security - as well as the crucial importance of keeping you safe. Personal Capital's CEO, Bill Harris, previously co-founded PassMark Security, the company that designed the online authentication system that is now used by most of the major banks in this country.

No One Can
Touch Your Money

In the event that your Personal Capital account is ever compromised, our application design ensures that you are still safe.

You can't move your money in, out, or between any accounts you link to our dashboard. Neither can anyone else.

We never send you credentials to your browser. After linking your accounts, your credentials are stored at Yodlee and are only ever sent directly to your financial institution.