How TrueLayer handles security details:

Security Schema
  1. An end-user shares their login credentials with TrueLayer through a secure TLS channel.
  2. TrueLayer generates a unique key (different for each set of credentials)
  3. The credentials are enciphered using AES-256
  4. The unique key is embedded in the JWT token that is returned back to the application and never stored by TrueLayer.
  5. The application submits the Access Token as part of a data request to TrueLayer.

This means that even if our Credentials Store is breached, the privacy of credentials will not be compromised.

TrueLayer leads the way in Enterprise security

We adhere to and comply with privacy, security and regulatory requirements, and are registered with the ICO, the FCA and are certified as ISO27001 compliant.

If you have any questions about the security we use at TrueLayer, please contact us by email:

Back to top