Security

Security you can bank on.

We take the privacy and security of your money seriously, and protect it with the highest standards available. Working with Kapytl means peace of mind.

Your data, protected

Encrypted end to end and hosted on SOC 2 Type II certified infrastructure, with continuous monitoring and audit logs.

Secure bank connections

We connect your accounts through Plaid, the same service used by Venmo and Robinhood. We never see or store your bank login.

You stay in control

Read-only access to your accounts, so we can never move your money. Export your full data anytime. No lock-in, ever.

Standards

Meeting or exceeding industry standards

Kapytl runs on SOC 2 Type II certified cloud infrastructure, audited by independent third parties, with continuous monitoring and intrusion detection.

SOC 2 Type II256-bit SSL in transitAES-256 at restPlaid-securedUS data centersRead-only access
Bank connections

Kapytl and Plaid

Your accounts connect through Plaid, a trusted, SOC 2 compliant service used by leading fintechs. Data moves over TLS and is encrypted at rest with AES-256. Kapytl only ever has read-only access.

  • We never see or store your bank login
  • Read-only, so we can never move your money
  • Bank-grade encryption end to end
Upload a CSV or PDF bank statement in Kapytl
Connect your bank securely with Plaid in Kapytl
AI

Responsible use of AI

Your financial data is never used to train public AI models.

AI runs in secure, US-based cloud environments.

Only you can see your books. Your numbers stay yours.

Always maintaining safety

Every byte between your browser and Kapytl is encrypted in transit with 256-bit SSL. Data at rest is encrypted with industry-standard AES-256.

Kapytl runs on SOC 2 Type II certified cloud infrastructure with continuous monitoring, audit logging, and intrusion detection.

Kapytl pulls transaction data only. We cannot move money, change account settings, or initiate transfers. Read access only, always.

Brokerage accounts use role-based permissions. Owners, admins, accounting staff, and agents each see only what their role allows.

Every e-signed document is legally binding under the U.S. ESIGN Act and UETA, and carries a timestamped audit trail with signer identity, IP, device, and a completion certificate.

All Kapytl customer data is stored in US data centers. We do not transfer or process your data outside the United States.

You own your data. Export your full transaction history, deal files, and reports anytime, in standard formats. No lock-in.

Security questions or a vulnerability to report?

Email security@kapytl.com. We respond to security reports within one business day.