We connect to your financial accounts. That means security isn't a checkbox — it's the foundation everything else is built on. Here's exactly how we protect you.
We connect via Plaid, which gives us read-only access to your accounts. Mogul Bay cannot initiate transfers, make payments, or modify your accounts in any way.
Your banking credentials are encrypted and handled entirely by Plaid — they never touch Mogul Bay's servers. We receive only tokenized access.
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Your data is never readable in plain text at any point in our infrastructure.
Our support team can see your account connection status and metadata needed to help you. They cannot see your balances, transactions, or account numbers — ever.
Mogul Bay is hosted on AWS, with infrastructure deployed in US-East and US-West regions for redundancy. We use isolated VPCs, private subnets, and strict security group policies to limit attack surface.
If you discover a security vulnerability, please report it to [email protected]. We'll acknowledge receipt within 24 hours and work with you to remediate promptly. We do not pursue legal action against good-faith security researchers.
Please do not publicly disclose vulnerabilities until we've had a reasonable opportunity to respond.