We Secure Your Data

We do not compromise on keeping your data safe. Period. We believe that data security and user privacy are an absolute requirement of working in technology..

Here's How:

Every application decision we make is scrutinized to make sure we are strengthening our data security. Here are some of the many steps we take to ensure your data is secure.

Application Security

Encrypted Password and Credentials

We encrypt passwords using a one-way hashing algorithm called bcrypt. Once a password is encrypted, we are unable to decrypt it. In other words, we have no idea what your password is!

Strict User Permissions

We have a structure of strict user permissions in place to prevent any user from having access to another user's data without permission. Rabbu employees will only have temporary access to your data when it is necessary to complete their job function.

Integration Security

Your provider password is not stored.

We do not store your password that you use to connect a provider account. After you initially connect a provider your credentials are forgotten by our system.

Instead we are authenticated by the provider using a token provided by the provider during the initial connection.

That token looks something like this kXXo0uBicaR6057frcskb9pOLfFJ4uFq.

But we don't store the token in that form either! We first encrypt the token using a private key, then store the result, which looks something like this:

kom788qw9ndt5fig21tm22sj3hrqc6wbfi0advr883un2cuylrut9v14ayja8xzoiue2gltgsb37t4xveexnhwh1lnpanyuajfigucuuuyrg27fnzpmg2i997w4uxghtdp3el7t9wj2gdbzt0eknywixy2smncjul8519yfagqfwdhdhajucnu29pp7e2g47trvexclqlq3jxgmmrez1amagc2fiq4qut9f7c5fidh8xtpai7z3xecoiiv84pz53a4d5cdloruuw68r0tsbd5h16nrm4mv09rgszg61f0k3br0qwopty131ilri4zqu8yw2le34y5mqe49uif1afwzpakk1mcdssi0556hb0lppd442lar2wbiybj6hl8xdmyrzxwt71yihkc2f8nl9sm0wc1wrrpbfld8wo9da37732s0ndkc331hf4cdrnk85sh4i2shg1il3xlnbzw98iqe5ekrs7ah25r0nlerbzlav2o0hbpyzgk3ld2cnguovu

An encrypted token will not successfully authenticate with a provider.

Your API Keys are Encrypted.

Any API keys used to connect a provider account are encrypted before they are stored in our database.

What this means for you:

  • We do not store your credentials.
  • We cannot change your provider account password.
  • If you change your provider account password or delete the API keys you connected with we will no longer have access to your data.

Payment Security

In compliance with PCI-DSS requirements, we do not process or store any credit card information. No payment method information like credit card number ever hits our servers. 

All payments made to Rabbu are handled through our financial partner Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.

Did this answer your question?