Quicken LifeHub Security Statement
Overview
Quicken Inc. uses world-class security practices and infrastructure to keep your data safe.
We implement robust encryption measures, multi-factor authentication protocols, and regular security audits to help safeguard your sensitive data. We prioritize data confidentiality, providing granular control over its usage, and adhering to stringent data protection regulations to help ensure your privacy.
Securing your data in transit
All communications between you and LifeHub across the internet are encrypted using the Transport Layer Security (TLS) 1.2 or higher encryption protocol. TLS is a widely adopted security protocol designed to facilitate privacy and data security for communications across the internet. TLS encryption can help protect web applications from data breaches and other attacks.
Securing your data at rest
We use Advanced Encryption Standard (AES) 256-bit encryption. All your sensitive data and documents are encrypted to the best-in-class industry standards—the same as that used by many banks and businesses worldwide.
Sign in and multi-factor authentication (MFA)
Security is not just about protecting your data; it is also about protecting access to your account. We improve fraud defenses with dynamic threat intelligence. We also enable robust, intuitive cybersecurity & risk management with intelligence modeling and multi-factor authentication. Whenever something atypical is detected (such as signing in using a new device or location), we will send a unique code to your phone or email that you must input as part of your sign-in process.
On screen redaction
LifeHub redacts sensitive information (such as Social Security numbers) to ensure prying eyes cannot see the data on your screen. When accessing your information in public places, we recommend using a privacy screen.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) of 2018 is designed to give California residents more control over the personal information that businesses collect. To view your rights, see the CCPA section of the Quicken Privacy Policy and the CCPA FAQ.
SOC 2
External auditors issue SOC 2 certifications to help ensure the security, process integrity, availability, confidentiality, and privacy of your data. We do SOC-2 Type II certifications over twelve months, every year. These comprehensive audits examine the operating effectiveness of an organization’s controls and procedures. During this extended evaluation period, we demonstrate consistency and reliability in the control of our environments.
Cloud hosting provider
Your personal data is stored on the Amazon Web Services (AWS) cloud infrastructure. AWS is used by thousands of companies worldwide, including Netflix, Goldman Sachs, Vanguard, Sony, Johnson & Johnson, Coca-Cola, Starbucks, Toyota, Verizon, ESPN, The Walt Disney Company, and many others. You can read more at AWS Cloud Security.
Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit, and cash card transactions and protect cardholders against misuse of their personal information. The standard’s security controls help businesses minimize the risk of data breaches, fraud, and identity theft. We complete a Qualified Security Assessor (QSA) assessment each year and submit to quarterly network vulnerability scans.
Operational procedures to keep the site secure
We share your concerns about cyber threats, such as identity theft. We revise our systems and procedures as new threats and technologies emerge. We have stringent measures to prevent unauthorized access. We deploy intrusion detection systems to monitor network traffic and identify suspicious activity, alerting administrators to potential threats. Third-party companies are hired to review and evaluate our systems and procedures. Ethical hacking companies are hired to perform sophisticated, authorized, ever-evolving cyber attacks on our systems to verify that we are keeping your data safe.
Administrative access to your information
Every Quicken employee undergoes rigorous background checks before they’re hired. Annual security and privacy training is required to ensure they understand our commitment to keeping your information safe. Employees have access only to the data needed to perform their jobs. All requests to access production servers are logged in an access request system, reviewed, and approved. Short-term access has a scheduled end date. Role-based access is reviewed and approved periodically. Audit trails are created.
If you have questions or suspect security issues, please get in touch with Quicken LifeHub customer support.