How TrueLayer handles security details:

Security Schema
  1. An end-user shares their login credentials with TrueLayer through a secure TLS channel.
  2. TrueLayer generates a unique key (different for each set of credentials)
  3. The credentials are enciphered using AES-256
  4. The unique key is embedded in the JWT token that is returned back to the application and never stored by TrueLayer.
  5. The application submits the Access Token as part of a data request to TrueLayer.

This means that even if our Credentials Store is breached, the privacy of credentials will not be compromised.

If you have any questions about the security we use at TrueLayer, please contact us by email: