If you are reading this, it means you value your privacy and... you should. Even with more and more governments trying to push the industry towards being careful with their users' data and being transparent about what they do with it, it's still quite chaotic out there.
Oakify takes a 180° approach from the standard practices, in a few ways. This topic is so important to us that we will dive deep into the details, so hang on to your shorts.
We realize most readers aren't that interested in the details and just want to know that their data is safe, so here are the main points:
- Your data is private. We don't care about your data. We know it can be valuable, some people will say we're idiots for not using it. We don't care what other people say, we want our users to feel comfortable using Oakify. Your data is encrypted on your device and sent to us in its encrypted form (i.e. it is encrypted end-to-end). We manage your encryption key for you by default but from your profile (in the app) you can delete the key from our servers, which would make it impossible for us to decrypt and read your data, even if we really, really wanted to - which we don't;
- Your data is safe. It is encrypted on your devices, encrypted again when it transits between your devices and our servers (through HTTPS) and it is also encrypted when it is stored in our database. This should protect it from falling into the wrong hands;
In other words, you should feel safe and comfortable entering your financial information in Oakify.
Encryption At Rest
Let's start with the easy bit. The cloud database service we use is MongoDB's Atlas. They have done an excellent job at making a PaaS (Platform as a Service) that is both easy to use and safe. They switch data encryption on by default for all their databases and that's a good first step.
Read more about Atlas' encryption at rest here.
End-to-End Encryption (E2EE)
What was very obvious for us from the start, is that we needed to make sure our users would feel comfortable having their financial data in Oakify. Otherwise it would kind of not work. At all.
So the first thing we did was to give our users a way to ensure they would have total control over who has access to their data, which means providing E2EE and letting the users control the encryption key if they wanted.
Because not all users have the knowledge or time to fiddle with encryption key management, and to simplify our sign-up process, we decided to manage that key by default (i.e. save it safely on our servers). It is however totally possible and easy for our users to have it deleted from our servers for an extra layer of privacy and peace of mind. Of course, if you asked us, we would say that it is unnecessary to manage your key yourself because we will never use your key to go and look at your data, but the option is there if you want. Just know that we will not be able to help you if you lose your key. Your data will be gone, forever.
If you do decide to manage your key yourself, we recommend using a digital safe like LastPass (not a sponsor) to keep your key safe.
Data Flow - How it Syncs
When you create your Oakify account, we generate and store the encryption key on your device.
If your key is managed by Oakify, it is sent with your "user" data (i.e. your name, email, etc.) and it is then encrypted by our web server before it is stored in our database.
Every time you add a new piece of financial data to Oakify, say you update your net worth for the month, Oakify stores it on your device and also encrypts it before sending it to our server for storage.
Why send it to the servers at all? For your convenience. So that you can see your data from multiple devices seamlessly. So you could retrieve your data if you lost your devices. We could have limited the use of the app to one device per user, or found a way to extract the data locally, to a flat file that you would have to upload manually on another device, but it's clearly not the most user-friendly way of syncing data in 2020 - or whenever you're reading this.
It's noteworthy that your data is not encrypted locally, on your device. This allows Oakify to be snappy despite the large amount of data to handle. We also believe local encryption to be unnecessary. However, we do recommend our users (and everyone else) to protect their devices with a password or, even better, a biometric key (fingerprint, facial recognition, etc). If you do a lot of surfing from an OS that requires it, consider using a full-featured antivirus suite (with firewall, etc).
When you connect to Oakify with a new device and once you are signed in, you'll receive your data from our servers, starting with the "user" data. If your key is managed by Oakify, you'll get it as part of that "user" data. All the financial data is then sent to your device, which will start decrypting it with the key before storing it locally.
If your key is not managed by Oakify, you will be presented with an input box to key in your encryption key, which you should have previously stored in a secure way. If you don't have that key, you can still find it on your other device, in your user profile. That is, if you still have access to that other device.
Sharing Your Data
We are working on a feature that will allow our users to share some data points with other trusted users. The typical scenario for this is sharing a monthly budget with a life partner.
To be able to do this without breaking the E2EE, the feature will come with a whole new encryption process. For each data set that is shared between two or more users, we will create a new encryption key, used only for that data set.
We will use asymmetric encryption to send the new shared key to the users the data is shared with. This is how it will work:
- The sharing user's device will generate the shared key for the data set;
- Upon selecting the users to share the data with, the device will fetch these users' public keys;
- The device will then encrypt the shared key with each of the other users' public keys (once per user to share the data with) and send it to our servers;
- When the other users connect to Oakify, they will get the new key from our server and will be able to decrypt it with their private key.
Once all users hold the same, new shared encryption key, they can start exchanging data, totally encrypted and without ever having clear data leave their devices.
Keep an eye out for new features like monthly budgets and shared data in upcoming versions.
Getting Data From Banks
In the coming versions, we will let our users connect Oakify to their bank and brokerage accounts to get a lot of data input done automatically and to feed into new features like the monthly budgets.
This is where it gets a little tricky. We can't let the users' devices connect directly to their banks' API. The banks won't let us do that anyway, because it's not secure. So the alternative is to have that connection made from our servers, either to the bank or broker directly, or through a third party provider that has already built all the necessary connections.
This means that, with our users' consent (see Open Banking regulations in your country and third party terms), our servers will receive the data from the institutions or third party provider and encrypt that data with a temporary key before storing it in our database.
Then, as soon as the user connects to or opens Oakify, our servers will decrypt the new data and send it to the user's device in clear. The device immediately encrypts that data with the user's secret key and sends it back to the server, encrypted, to overwrite the temporarily encrypted copy. This ensures that, again, throughout the process, our users' financial data will be encrypted at least once and never stored in clear on our servers.
Note that the data we get from the institutions is read only. So you can stay assured that there is no risk of us making a payment on your behalf or shifting things around in your accounts.
Changing The Encryption Key
We are working on a feature allowing our users to generate a new key locally and re-encrypt all their data with that new key. This could be used if a user thinks their key has been compromised. The generation process will be 100% offline (client side, on our users' devices) so once again, if the users want to make sure the new key never touches our servers, they can.
We are working towards getting our code to be reviewed by a firm specialized in cyber security. We want to provide the highest standard of security to our users. We will write more on that as soon as possible.
The industry leader in analytics is Google Analytics and they allow a lot of data to be collected. This has many implications both for the users and the websites.
Our approach was to not collect anything that we didn't really need and completely avoid using cookies for analytics. So we decided to use Ackee.
In their own words:
...analytics tool for those who care about privacy.
No unique user tracking. No cookies. Ackee uses a multi-step process to keep tracked data anonymized while still providing helpful analytics.
Needless to say we fell in love at first sight.
Having insight on the audience is important for any app, in an effort to improve it mostly, and so we implemented Ackee and here are the data points that we collect from visitors:
- Number of page views, which pages;
- Where the visitors came from (it's important for our marketing to know the source of our traffic);
- Duration of the visits;
- Operating system (is it more Android, Windows or iOS?);
- Devices, browser used and screen sizes (helps us make sure we support all systems our users use, as not all browsers behave the same - unfortunately);
- Languages (this is obvious but if we have many users speaking a certain language, we might translate Oakify into that language to provide a nicer experience for those users).
That's it. No geo-location, no cookies, no insight on what our users' browsing history looks like or what their hobbies are. As mentioned on Ackee's site, all the data collected is anonymized and can't be used to identify any of the visitors.
Coming soon: we will add event tracking to our analytics, so that we have a better understanding of how the app is used, but the data collected will remain anonymous and private.
If you've made it here, congratulations. Like us, you probably are concerned with how service providers like Oakify (and especially the ones providing a free service) treat your data. For us, it's a matter of respect and integrity. Making sure we don't step on your privacy is part of our mission.
Our intention in this article was to be as transparent as possible on the way we handle your data and that's hoping it will make you feel comfortable enough to use Oakify.
We know that no system is 100% safe from malicious parties and so we will continue to improve on security and privacy as often as possible. We recommend that our users follow the generally accepted best practices to keep their devices safe, because no amount of safety on our end could protect their data if their devices are compromised.