Get started for free
All communication between your device, your servers, and Anchor is encrypted over HTTPS using industry-standard Transport Layer Security (TLS). Our infrastructure exclusively enforces TLS 1.2 and TLS 1.3 for all data transmission, with forward secrecy enabled.
We transmit HSTS (HTTP Strict-Transport-Security) headers to instruct web browsers that Anchor and all subdomains are only accessible over HTTPS. Additionally, Anchor is preloaded in major browsers' HSTS lists as an HTTPS-only site, ensuring your connections are always encrypted from the first request.
All data transmitted between your browser, device, and our servers is protected with up to 256-bit TLS encryption—the same encryption strength used by financial institutions and e-commerce platforms. We support a comprehensive range of modern ciphers to provide the highest level of encryption available based on your client configuration.
All third-party integrations we connect to our platform are required to use TLS 1.2 or higher for all data transmission. We maintain strict security standards for any external service that processes or accesses your data.
Payment information is collected and transmitted using industry-standard HTTPS-secured connections exclusively. All pages where payment details are collected enforce TLS encryption—no payment information can be entered or transmitted unencrypted.
Anchor does not store credit card numbers or bank account numbers in their original form. Payment information is transmitted directly from your app or browser to our PCI-DSS compliant payment processor. We receive a secure token in return—a cryptographic credential that authorizes Anchor to complete transactions securely without storing or exposing your payment details.
All sensitive information including banking credentials and financial account information is stored encrypted using AES-256 encryption. These encrypted credentials are stored within database systems that implement **additional encryption layers** at the storage level, providing defense-in-depth protection. Encrypted sensitive information is only accessible to internal services that require those credentials to function.
User passwords are hashed using Argon2 and are never stored in plaintext or in any decryptable format. You are responsible for maintaining a strong password and keeping it confidential.
Anchor supports two-factor authentication (2FA) to provide an additional security layer for your account. Two-factor authentication requires entry of a verification code from your mobile device in addition to your password, adding an extra layer of protection to your account.
All data is stored on US onshore servers within facilities with strict physical access controls. Access is limited to authorized personnel with documented business need. Facilities operate with:
- 24/7 monitoring and surveillance
- Restricted access protocols (badge, biometric, and audit logging)
- Climate and environmental controls
- Fire suppression and disaster recovery systems
Data storage infrastructure includes multiple encryption layers, access controls, intrusion detection, and comprehensive audit logging. All database systems employ encryption at rest to protect data even if storage media is compromised.
We access your account only to respond to support requests and only after obtaining your explicit consent. Exceptions are limited to suspected abuse or critical security incidents.
When addressing support issues, we access the minimum data necessary to resolve your problem. All employee access to customer accounts is logged and audited. We only access customer accounts in read-only mode.
Passwords are encrypted at collection, in transit, and at rest. All communications between our mobile applications and servers are encrypted using Transport Layer Security (TLS)—the industry-standard security protocol providing the highest level of protection available.
We do not store sensitive information—such as credit card numbers, banking credentials, or personal identification data—on mobile devices.
We've implemented a comprehensive internal risk system combining multiple security tools and threat intelligence to protect your business and customer transactions from fraud. Our platform integrates several third-party security and anti-fraud service providers, creating a layered approach to risk detection.
Our dedicated team of risk analysts continuously monitors anomalous and high-risk transaction patterns to maintain platform security and integrity.
Our team provides expert guidance on industry best practices for transaction processing and information collection to help protect your business from chargeback disputes. In the event a chargeback occurs, our experienced specialists can assist in building a comprehensive defense case using available evidence and documentation.
Connections that Anchor establishes with your financial institutions for transaction importing are configured as read-only. No modifications can be made to your accounts through Anchor.
Anchor does not store or retain passwords for any third-party integrations, bank accounts, payment cards, or external tools accessed through our platform. Credentials are used only for establishing secure connections and are never persisted.
________________________________________
Questions about Anchor's Security?
If you have additional questions about our security practices or data protection measures, please contact us. We're happy to provide detailed information about the comprehensive steps we take to protect your sensitive information.
