Revised November 19, 2021
IGG Software, Inc., recognizes the importance of protecting the privacy of all information provided by users of our software. We created this policy out of a fundamental respect for our customers' right to privacy and to guide our relationships with our customers. This Privacy Statement applies to all versions of Banktivity for macOS, iOS and iPadOS.
Some versions of our software include the ability to purchase a subscription through the software itself. Purchases made this way are transmitted securely via an encrypted Transport Security Layer (TLS) to our payment processor Stripe (https://www.stripe.com). For billing purposes we collect your name, email and zip code in addition to your credit card information. This information is stored on Stripe's secure, PCI compliant servers.
All versions of Banktivity require you to setup your own Banktivity ID. Your name and email are required to setup your Banktivity ID. To establish a Banktivity ID, we collect your name and email address, then ask you to choose a username, password, and security questions and answers to protect your account. All of this information is transmitted securely via an encrypted TLS connection and stored on secure servers that can only be accessed by you and server administrators. Any time you log in to access your Banktivity ID, whether by our website or by one of our software products, the authentication process is conducted over an encrypted TLS connection. For more information about Banktivity ID's, please read our website privacy policy.
All versions of Banktivity include the ability to automatically check for updates. When this feature is enabled, Banktivity will communicate with our website each time it is launched to obtain the version number of the most recent software release and compare it against its own version number. When a newer version is found, Banktivity will alert you that an update is available for download from our website. No information is sent to IGG Software during this process, although the communication with our website is logged like any other visit to our site (see our website privacy policy for details). Automatic update notifications can be disabled by choosing "Preferences" from the Banktivity menu and unchecking the appropriate setting.
Some versions of Banktivity include the ability to download account data directly from your financial institutions via the Open Financial Exchange (OFX) protocol. In order to utilize this feature, your financial institution must offer support for OFX (sometimes referred to as Direct Connect) and typically must configure your financial accounts to allow access from personal financial managers such as Banktivity. To establish a direct download connection from Banktivity, the software first contacts our website to obtain the most recent contact information for your financial institution. No information is transmitted to us during this process. Banktivity then requests the username and password provided to you by your financial institution. Banktivity transmits this information directly to your financial institution over an SSL connection at the level of encryption required by your institution, and (once your identity has been verified) downloads your account data over the same encrypted connection. Your username and password do not pass through our servers at any point in time.
Once a successful connection has been made, Banktivity saves your username in the current document file and saves your password in the macOS Keychain. The Keychain is a tool that is built into the Mac operating system which provides secure, encrypted storage for sensitive information such as passwords. For more information about the Keychain, please consult the macOS help files. These details are recorded so that you are not required to enter them each time you wish download account details from your financial institution. To remove configuration details for a direct download connection from your computer, launch Banktivity, select the account for which you want to remove the details, and choose "Disable Online Account Access" from the Account menu, then open the Keychain Access application and find and delete the password for that OFX connection.
Some versions of Banktivity include the ability to browse web pages within the Banktivity application. Banktivity's integrated web browser is built on WebKit, the same framework that underlies Safari and Chrome. WebKit provides support for all of the latest security standards, including SSL version 3, Transport Layer Security (TLS), and 128-bit SSL encryption. The specific security measures utilized by any given site are determined by the site and not the browser; for information about security measures employed by your financial institutions' websites, please contact your financial institutions.
Any information you submit through a web form, such as the login details you enter to gain access to your financial accounts, is transmitted directly to its intended destination without passing through any servers belonging to IGG Software. Banktivity does not collect or record this information in any way.
Some versions of Banktivity include the ability to sync your financial data with our Cloud Sync server so that the data can be shared between multiple Macs and mobile devices. Using this service requires that you sign up for a Banktivity ID, which you can read about in our website privacy policy. When you use Cloud Sync, your data is encrypted on your Mac or mobile device using a password that you provide, then transmitted to our Cloud Sync server over a secure connection. Because it is encrypted before it reaches our servers, there is no way for IGG staff to access your data while it is in storage, and you can use Banktivity to delete your data from the Cloud Sync server at any time. We do not share your synced data with third parties under any circumstances. Cloud Sync data that has not been used or accessed for a long time will be purged.
Direct Access is an optional service used by Banktivity to download transactions from your financial institutions. We partner with two different companies to provide this service, Envestnet | Yodlee and SaltEdge. Depending on which banks you try to connect to, you made end up using either or both of those companies. If you chose to use this service you will be asked for your bank login credentials to download your account and transaction data. Your bank credentials are never stored on our servers. However, depending on the type of connection (i.e. screen scraping vs direct API) your credentials may be stored with Envestnet | Yodlee's or SaltEdge's secure servers. Login details and financial information are never accessible to IGG or its employees. For more detail about the privacy and security of Direct Access, please see our support article about Direct Access security.
You can read more about Envestnet | Yodlee's privacy policy here and SaltEdge's policy is here.
All versions of Banktivity store the financial data you record in one or more document files on your local device. Some Banktivity versions choose where you want to save each document file; be sure to choose a secure location in which to save your files if you wish to keep the contents private. All versions of Banktivity provide a password feature that can be used to prevent other users of your Mac, iPhone or iPad from viewing your account data. This feature does not encrypt your data, however, and will not prevent determined hackers from accessing your data. For increased security, we recommend saving your Banktivity documents in your macOS home folder and turning on FileVault, a built-in encryption feature that protects all data in your home folder. Please note that if you lose your FileVault password, the data in your home folder will be irretrievable. You can read more about FileVault in the macOS help files.
If you contact IGG Software for assistance with a technical problem, our customer support department will attempt to resolve the problem without accessing your Banktivity data. If the problem cannot be solved easily, however, they may request a copy of your data in order to continue troubleshooting the problem. In such cases, a support representative will provide you with a tool to encrypt your data file before sending it to us via email, and request that you send the password to decrypt the file in a separate email. These safety measures, while not foolproof, deter hackers by making your data indecipherable unless both emails are intercepted. Our support staff follow the same protocols when sending data files back to you. While your financial data is in our possession, it is kept on computers that are dedicated to IGG Software business use, transmitted securely between employees who are working on the problem, and deleted immediately after the problem has been resolved to your satisfaction. We do not share your financial data with third parties under any circumstances.
We reserve the right to contact you via email under certain circumstances that we consider to be of high importance. These may include, but are not limited to, changes to our privacy policies or terms of service, business decisions that affect product availability, changes in company ownership, and security breaches. We will not contact you for marketing purposes or general announcements without your prior consent.
For questions about this Privacy Statement or our information practices, please contact IGG Software support by visiting https://www.banktivity.com/support/.
Copyright ©2024 IGG Software, Inc.