Security at Maxint

Maxint is built on platforms trusted by thousands of financial institutions for building and deploying secure applications.

Data encryption

All customer data is encrypted at rest with AES-256 and in transit via TLS. Sensitive information, such as access tokens and keys, is encrypted at the application level before it is stored in the database.

Multifactor authentication

Maxint does not require or store passwords. Customer access requires two or more pieces of evidence:

  1. something you know (magic link sent to your email),
  2. something you have (authenticator passcode), or
  3. something you are (biometric)

Bank connections

Maxint uses Teller to link your bank accounts and does not store credentials for any of our customers.

Teller is SOC 2 Type 2 compliant, the gold standard for security compliance.

Payment processing

Maxint uses RevenueCat and Stripe to process payments and does not store personal credit card information for any of our customers.

RevenueCat is SOC 2 Type 2 compliant, committed to adhering to the highest security standards.

Stripe is a certified PCI Service Provider Level 1, which is the highest level of certification in the payments industry.

Vulnerability Management

Maxint works with industry experts to conduct regular penetration tests.

In addition to internal security reviews, we use various tools, including GitHub, Vanta, and Snyk, to scan our code for vulnerabilities.

DDoS Protection

Maxint combats Distributed Denial of Service attacks with protection at the CDN level via Cloudflare to mitigate resource abuse and to ensure availability.

SOC 2 & HIPAA

Maxint uses a Supabase Postgres database to store customer data.

Supabase is SOC 2 Type 2 and HIPAA compliant, which is important when handling sensitive customer data.