Please outline what security measures you take to protect End User data?
We have implemented the industry-standard OAuth 2.0 authentication and authorisation model. When using TrueLayer, an application never needs to access or store credentials or security details; instead, it simply redirects the end-user to our secure and customisable “Authorisation Dialog” and receives Tokenised Access to the customer’s data. Our authentication model includes fine-grained permissions and explicit consent. The end-user will:
- Be redirected from the Application to TrueLayer;
- Select their bank among the different banks and providers that we support;
- Securely share login credentials, without disclosing them to the recipient application;
- Grant fine-grained permissions to the application;
- Provide explicit user consent through a streamlined user experience.
- Never accessible by the Application (TPP);
- Never accessible by TrueLayer;
- Always encrypted while in flight and at rest.
Do you have a Security Policy?
Yes, we do. At TrueLayer, security is of paramount importance to us. We have implemented a robust security programme to ensure that any data or payment information we receive and transmit is handled within our stringent controls. Further, as part of our obligations for our license, we are required to adhere to regulatory standards, of which security is one.