Security at CardWise
Last updated: 21 June 2026
Protecting your financial data is at the core of how we build CardWise. This page outlines the safeguards, frameworks, and practices we use. It is an illustrative product template and not a security certification.
01 Our Commitment
Security is not an afterthought at CardWise — it shapes every design decision. We follow a defence-in-depth approach so that your data is protected at multiple layers, from the network edge down to individual records.
02 Encryption
- In transit — all traffic is encrypted with TLS 1.2+ so data is protected between your device and our servers.
- At rest — sensitive data is stored using AES-256 encryption with keys managed in a dedicated key-management service.
03 RBI-Regulated Account Aggregator Framework
We access financial data only via an RBI-licensed Account Aggregator. Access is read-only and we never store your bank credentials — authentication always happens on your bank's own systems.
This means CardWise can display your information without ever being able to move money or sign in to your bank on your behalf.
04 Infrastructure
CardWise runs on hardened, industry-leading cloud infrastructure hosted in India. Environments are isolated, regularly patched, and protected by network firewalls and DDoS mitigation.
05 Access Controls
- Role-based access with least-privilege principles for all internal systems.
- Mandatory multi-factor authentication for employee accounts.
- Production access is logged, time-bound, and reviewed regularly.
06 Monitoring & Audits
We continuously monitor our systems for anomalies and maintain audit logs of sensitive operations. We conduct periodic internal reviews and engage independent third parties for penetration testing.
07 Responsible Disclosure & Bug Bounty
We welcome reports from security researchers. If you discover a vulnerability, please disclose it responsibly by emailing [email protected]. Eligible reports may qualify for a reward under our bug-bounty programme.
08 Certifications
CardWise aligns its controls with leading industry standards, including ISO/IEC 27001 and SOC 2 (illustrative). We treat these frameworks as an ongoing commitment rather than a one-time milestone.
09 Your Security Tips
- Keep your phone's operating system and the CardWise app up to date.
- Use a device lock (PIN, fingerprint, or face unlock) and never share it.
- Be wary of phishing — we will never ask for your bank password or OTP.
- Revoke AA consent for any account you no longer wish to track.
10 Contact Us
For security questions or to report an issue, reach us at [email protected].