Security of your data is our major concern and we appreciate your trust in our service. We rely on our previous experience in building large systems with demanding security requirements.

The Bank Control™ service is protected in a number of ways:

  • The Bank Control service and web site are deployed on Amazon Elastic Compute Cloud with high level of physical security. Many companies trust Amazon EC2 with their information.
  • Our service platform has been hardened and protected with firewall. It does not expose any network interfaces which can be used for an intrusion from outside and does not provide access to its database from outside.
  • You will be notified via email when an unauthorised attempt to highjack your profile has been detected. We also lock your profile temporarily when such an attempt has been detected to prevent simple password generation attacks.
  • Only our authorised personal have access to the Bank Control server.
  • We don't share personal information with any third parties, although we may share depersonalised statistical data.
  • The technical log files and audit records do not contain passwords and are kept for short time only.
  • We backup our service database every night and extra redundancy will be introduced after completion of the pre-release phase.

Information We Keep

We are very open about the information we keep about you. We want you to be able to make an informative decision whether to use our service or not.

We keep minimum information about you and your activities:

  • Information you provide during profile registration, such as names and email address.
  • We know what providers you use, although we don't know what accounts you hold.
  • We know what types of devices you use. This information is recorded when you register a device.
  • We keep audit information for a few months. You can see this information by going to the My Profile/Audit Viewer section on the Bank Control web site.
  • We keep a technical log for a number of days, but this log does not contain authentication details and can be seen by our authorised personal from the UK only.

Information We Don't Keep or Can't Use

The following information is either unusable or we don't keep it:

  • Your service and transaction passwords which are one way encrypted and therefore can't be reinstated.
  • Login details you specify for access to provider's Internet banking. This information is encrypted and only part of the resulting data is kept in the service database. Your login details can't be reinstated from this data.
  • We don't keep information about your accounts or what types of accounts you have. We use one way hash matching algorithms to match accounts when needed but we don't keep your account numbers or types.