Privacy and security first.

We understand that by using Roi, you are trusting us with your data. That’s why we treat your personal and financial data like we’d want ours to be treated. Below, you‘ll find the principles that guide our approach to privacy and security.

Access

We believe that you should have access to and control over your data.

Your personal Roi financial account data, such as positions, are only accessed by the Roi team when necessary to provide the Roi services, like when you request support for a bug. We use aggregated and anonymized data for internal analytics and business purposes – you can read our Privacy Policy for more information.

We employ a number of security measures to help keep your data safe, including 256-bit encryption to protect it at rest and Transport Layer Security (TLS) to protect it in transit. In other words, your data is encrypted while it is being stored and while interacting with our servers. And we do not see or store your bank login credentials because we partner with trusted data aggregators, like Plaid, to connect to your financial institutions. Roi works with third party vendors who adhere to industry security standards. You can read more about Plaid's security policies on their websites.

Roi's direct OAuth integrations for Coinbase meet the same data security requirements. OAuth allows us to connect directly with your bank rather than importing your account and transaction data via an aggregator. We do not see or store your OAuth login credentials either.

When you connect your wallet, we do not have access to your assets. Instead, we require you to sign every transaction manually with your custodial wallet when trying to execute a transaction.

Retention

You can delete your Roi account at any time from the Settings -> Get help, or by emailing us at company@getroi.app. If you delete your account, we do not keep any of your linked financial data or Roi account data (email address, etc.), except in the limited circumstances where required by law, to resolve disputes, protect Roi and our users, and enforce our agreements. Where Roi has no such obligations, the data will be completely removed from all our internal systems, including backups, within 60 days.

Top security infrastructure

Roi’s infrastructure is built on the Google Cloud Platform (GCP), which is used by leading financial companies worldwide. GCP adheres to industry standard security, privacy and compliance controls, including:

• ISO/IEC 27001, 27017 and 27018
• SOC 1/2/3
• PCI DSS
• CSA STAR

We use Multi-Factor Authentication (MFA) on all internal systems and incorporate MFA support and mobile device management into our company devices.

We also regularly verify our data and product is safe & secure.

We don't sell your data

Our only focus is on building tools that help you improve your portfolio. We respect your privacy, so we give you transparency and control over your data and keep it private. We do not sell your personal data to third parties.

Contact Us

If you have any questions about this page, you can contact us:

• By email: contact@getroi.app
• By visiting this page on our website: https://help.getroi.app/en/