We take the security of your financial data seriously. Here's everything we do to keep it safe.
Security is built into every layer of Northlane — from how we store your data to how we connect to your bank.
All data is encrypted at rest and in transit using 256-bit AES encryption — the same standard used by banks and government agencies. Your data is unreadable to anyone without the proper decryption keys.
Northlane connects to your accounts via Plaid using read-only credentials. We can see your balances and transactions, but we can never move money, initiate transfers, or make any changes to your accounts.
Protect your Northlane account with two-factor authentication (2FA). Even if someone gets your password, they can't access your account without the second factor.
Northlane runs on enterprise-grade cloud infrastructure. Our PostgreSQL database (Neon) is encrypted at rest and access is restricted to authorized systems and personnel only.
We conduct quarterly reviews of our security practices, access controls, and retention policies. We stay up to date with the latest security standards and best practices.
Our AI monitors your account for unusual activity and alerts you immediately if something looks suspicious, giving you an extra layer of protection.
We use Plaid — the industry-leading financial data network — to securely connect your bank accounts. Plaid is used by thousands of fintech companies including Venmo, Robinhood, and Coinbase.
Critically, Plaid provides read-only access. Northlane can see your account data to power budgeting and insights, but can never move money or make changes of any kind.
Read-Only Access
We can see your data.
We can never touch your money.
We follow strict privacy-first principles across everything we do.
Your financial data is yours. We do not sell, rent, or share it with third parties for advertising or any commercial purpose.
We only collect what we need to provide the service. We don't gather unnecessary personal information and regularly review what we store.
You can request full deletion of your data at any time via your account settings or by emailing [email protected]. Deletion is completed within 30 days.
All backups are encrypted at rest. Access is restricted to authorized administrators only, and expired backups are automatically purged.
If our security or privacy practices ever change materially, we'll notify you by email before those changes take effect.
If you discover a vulnerability or security concern, please report it responsibly. We take all reports seriously and will respond promptly.
[email protected]Your financial data deserves the best protection. That's what we deliver.