Transparency matters.
Last updated: 9 March 2026
Investwizz handles financial account data, portfolio information, and personal data. We treat security as foundational, not an afterthought. This page explains how we protect your data and what you can do to keep your account safe.
We do not overstate our controls. Where we describe something as a principle or posture, that is what it is — not a certified guarantee.
Access to your Investwizz account is protected by authentication controls. We recommend using a strong, unique password that you do not reuse across other services.
If you believe your account has been accessed without your authorisation, notify us immediately at help@investwizz.co.uk. We will investigate and take steps to secure your account.
Investwizz staff will never ask you for your password or authentication codes. If you receive a request of this kind, do not respond and contact us immediately.
Data transmitted between your device and Investwizz is encrypted in transit using TLS (Transport Layer Security). Data stored within our systems is encrypted at rest.
We do not store your banking credentials. When you connect a financial account via Open Banking, your login details go directly to your bank. Investwizz only receives the read-only data your bank returns, not the credentials you used to authorise access.
For full details on how we collect, use, and retain personal data, see our Privacy Policy.
Investwizz connects to your financial accounts using FCA-regulated Open Banking infrastructure. This connection is read-only. We can view your transaction and balance data to power your portfolio view, but we cannot initiate payments or move funds.
You can revoke any connected account at any time from within the app. When you revoke a connection, access is terminated immediately.
We do not share your Open Banking data with third parties for marketing or advertising purposes.
Internal access to user data within Investwizz follows a least-privilege principle. Team members can only access the data necessary for their specific role. Access to sensitive systems is logged and reviewed.
Access rights are reviewed periodically and revoked when no longer required.
Our systems are monitored continuously. We maintain an incident response process that covers detection, containment, investigation, and recovery.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours as required under UK GDPR, and notify affected users where required.
If you discover a potential security vulnerability or have a concern about how your data is being handled, please contact us at help@investwizz.co.uk.
We ask that you give us a reasonable opportunity to investigate and address the issue before disclosing it publicly. We will acknowledge all reports and keep you informed of our response.
For general account support or other enquiries, contact us at help@investwizz.co.uk.