Is Cloud Sync Secure?

Some versions of Banktivity include the ability to sync your financial data with our Cloud Sync server so that the data can be shared between multiple Macs and mobile devices. Using this service requires that you sign up for a free Banktivity ID, which you can read about in our website privacy policy. When we designed this service, we built security in from the ground up, never as an afterthought.

When you use Cloud Sync, your data is encrypted on your Mac or mobile device before it ever leaves. To do this, we generate a cipher and use that to encrypt the actual data, then we use a password (supplied by you) to encrypt the cipher. Only the encrypted cipher is stored on our server. We use the maximum level of encryption natively available on iOS 8, which is AES 128. The data is then transmitted to our Cloud Sync server over a secure TLS connection. The password you chose to encrypt your file is never sent to the cloud, nor are any of your bank login credentials sent to our Cloud Sync server.

Because it is encrypted before it reaches our servers, there is no way for IGG staff to access your data while it is in storage. Apple has taken a strong stance on data security in iOS 8 and 9 (see “Apple can’t decrypt your iPhone: Why it matters” at, and we proudly follow the same guiding principles. We also understand that you shouldn’t have to take our word for it, and so we hired a third party security firm to audit our service and verify that our implementation is sound (it is).

You alone hold the keys to access your private data, and if you choose, you can use Banktivity to delete your data from the Cloud Sync server at any time. If you have any other questions or concerns about our security and privacy practices, please don’t hesitate to talk to us on live chat.