We employ a number of security measures to help keep your data safe, including 256-bit encryption to protect it at rest and Transport Layer Security (TLS) to protect it in transit. In other words, your data is encrypted while it is being stored and while interacting with our servers.
We do not see or store your login credentials because we partner with trusted data aggregators, like Plaid, to connect to your financial institutions. Roi works with third party vendors who adhere to industry security standards. You can read more about Plaid's security policies on their websites.
Plaid is what's also used by Venmo, Chime, and many more financial apps as well to connect accounts.
Roi's direct OAuth integrations for Robinhood & Coinbase meet the same data security requirements. OAuth allows us to connect directly with your bank rather than importing your account and transaction data via an aggregator. We do not see or store your OAuth login credentials either.
Crypto wallets & addresses
Our crypto connections (both manual & WalletConnect) are non-custodial meaning we do not have access to your assets. Instead, we require you to sign every transaction manually with your custodial wallet when trying to execute a transaction.
Access to the portfolio and placing trades / swaps can also be gated using biometrics built into the device like FaceID and TouchID. To enable this, go into Settings -> FaceID -> Enable.
You can read more on how we handle security on our website.