Your security is our highest concern.

We do not store any bank account credentials or information on our platform.  We authenticate directly with banks via secure, trusted third-party infrastructure providers including Plaid and Stripe:



Separate access controls are enforced at each layer of infrastructure. Multi-factor authentication is required for access to our infrastructure providers' environments. All application and user access logs are stored centrally and monitored by our infrastructure providers.



Crumb’s infrastructure partners regularly undergo both internal and external network penetration tests, and third-party code reviews. Those partners have also completed a SOC 2 report.



Crumb partner APIs only allow client requests using strong TLS protocols and ciphers. Communication between partner API infrastructure and financial institutions is transmitted over encrypted tunnels. All client communication with partner APIs utilize cryptographically hashed headers and timestamps to verify authenticity.


Crumb also utilizes industry-leading security tools to detect intrusion attempts, block attacks, and meet compliance requirements on OWASP Top 10, SOC2, GDPR, and PCI.

© 2021 Crumbraise, Inc. All Rights Reserved.