Revised November 19, 2021
IGG Software, Inc., recognizes the importance of protecting the privacy of all information provided by users of our software. We created this policy out of a fundamental respect for our customers' right to privacy and to guide our relationships with our customers. This Privacy Statement applies to all versions of Banktivity for macOS, iOS and iPadOS.
Some versions of our software include the ability to purchase a subscription through the software itself. Purchases made this way are transmitted securely via an encrypted Transport Security Layer (TLS) to our payment processor Stripe (https://www.stripe.com). For billing purposes we collect your name, email and zip code in addition to your credit card information. This information is stored on Stripe's secure, PCI compliant servers.
Some versions of Banktivity include the ability to download account data directly from your financial institutions via the Open Financial Exchange (OFX) protocol. In order to utilize this feature, your financial institution must offer support for OFX (sometimes referred to as Direct Connect) and typically must configure your financial accounts to allow access from personal financial managers such as Banktivity. To establish a direct download connection from Banktivity, the software first contacts our website to obtain the most recent contact information for your financial institution. No information is transmitted to us during this process. Banktivity then requests the username and password provided to you by your financial institution. Banktivity transmits this information directly to your financial institution over an SSL connection at the level of encryption required by your institution, and (once your identity has been verified) downloads your account data over the same encrypted connection. Your username and password do not pass through our servers at any point in time.
Once a successful connection has been made, Banktivity saves your username in the current document file and saves your password in the macOS Keychain. The Keychain is a tool that is built into the Mac operating system which provides secure, encrypted storage for sensitive information such as passwords. For more information about the Keychain, please consult the macOS help files. These details are recorded so that you are not required to enter them each time you wish download account details from your financial institution. To remove configuration details for a direct download connection from your computer, launch Banktivity, select the account for which you want to remove the details, and choose "Disable Online Account Access" from the Account menu, then open the Keychain Access application and find and delete the password for that OFX connection.
Some versions of Banktivity include the ability to browse web pages within the Banktivity application. Banktivity's integrated web browser is built on WebKit, the same framework that underlies Safari and Chrome. WebKit provides support for all of the latest security standards, including SSL version 3, Transport Layer Security (TLS), and 128-bit SSL encryption. The specific security measures utilized by any given site are determined by the site and not the browser; for information about security measures employed by your financial institutions' websites, please contact your financial institutions.
Any information you submit through a web form, such as the login details you enter to gain access to your financial accounts, is transmitted directly to its intended destination without passing through any servers belonging to IGG Software. Banktivity does not collect or record this information in any way.
Direct Access is an optional service used by Banktivity to download transactions from your financial institutions. We partner with two different companies to provide this service, Envestnet | Yodlee and SaltEdge. Depending on which banks you try to connect to, you made end up using either or both of those companies. If you chose to use this service you will be asked for your bank login credentials to download your account and transaction data. Your bank credentials are never stored on our servers. However, depending on the type of connection (i.e. screen scraping vs direct API) your credentials may be stored with Envestnet | Yodlee's or SaltEdge's secure servers. Login details and financial information are never accessible to IGG or its employees. For more detail about the privacy and security of Direct Access, please see our support article about Direct Access security.
All versions of Banktivity store the financial data you record in one or more document files on your local device. Some Banktivity versions choose where you want to save each document file; be sure to choose a secure location in which to save your files if you wish to keep the contents private. All versions of Banktivity provide a password feature that can be used to prevent other users of your Mac, iPhone or iPad from viewing your account data. This feature does not encrypt your data, however, and will not prevent determined hackers from accessing your data. For increased security, we recommend saving your Banktivity documents in your macOS home folder and turning on FileVault, a built-in encryption feature that protects all data in your home folder. Please note that if you lose your FileVault password, the data in your home folder will be irretrievable. You can read more about FileVault in the macOS help files.
If you contact IGG Software for assistance with a technical problem, our customer support department will attempt to resolve the problem without accessing your Banktivity data. If the problem cannot be solved easily, however, they may request a copy of your data in order to continue troubleshooting the problem. In such cases, a support representative will provide you with a tool to encrypt your data file before sending it to us via email, and request that you send the password to decrypt the file in a separate email. These safety measures, while not foolproof, deter hackers by making your data indecipherable unless both emails are intercepted. Our support staff follow the same protocols when sending data files back to you. While your financial data is in our possession, it is kept on computers that are dedicated to IGG Software business use, transmitted securely between employees who are working on the problem, and deleted immediately after the problem has been resolved to your satisfaction. We do not share your financial data with third parties under any circumstances.
We reserve the right to contact you via email under certain circumstances that we consider to be of high importance. These may include, but are not limited to, changes to our privacy policies or terms of service, business decisions that affect product availability, changes in company ownership, and security breaches. We will not contact you for marketing purposes or general announcements without your prior consent.
For questions about this Privacy Statement or our information practices, please contact IGG Software support by visiting https://www.banktivity.com/support/.
Copyright ©2023 IGG Software, Inc.