Sophtron (Sophtron Inc.) is a software company that automates the retrieval and sharing of financial data. Data is retrieved from banks, credit unions, utility companies, mortgage companies, payroll providers, credit card companies and other financial institutions when it is requested by the account owner ("Financial Account Owner"). This financial data is then shared with Software Application or Software Service Providers specified by the Financial Account Owner. Sophtron is a US Company and all data it stores is located in Amazon Web Services (AWS) data centers located in the US.
Sophtron is accessed using a Software Application, such as desktop accounting software, installed and operated by the user or through a Hosted Application, such as an online loan application or a peer-to-peer payments app (the "Applications"). These applications present their users the option to automatically retrieve their financial records. When Application users request automatic record retrieval they prove that they are the account owner by presenting valid login credentials to Sophtron. Sophtron then connects to the financial institution, verifies the credentials are valid and uses the credentials to retrieve the requested records. Sophtron then stores the financial records so that they can be accessed using the Sophtron Application Programming Interface (API). Sophtron is paid a fee for retrieving and storing the records by the publisher or host of the Application or by the Financial Account Owner. If the Financial Account Owner enables "nightly refresh" Sophtron will retrieve updated financial records each night. When the Financial Account Owner indicates they no longer need the automated records retrieval the Application uses the API to inform Sophtron. Sophtron then deletes the retrieved records and the credentials immediately. If the Financial Account Owner does not reconfirm the need for automated record retrieval every 11 months by presenting Sophtron with valid account credentials Sophtron deletes all records and credentials.
We do not generate de-identified and/or aggregated data. Sophtron does not use the financial records retrieved or the credentials provided, for any purpose other than retrieving and storing the records requested by the Financial Account Owner.
Sophtron keeps records of any difficulties in retrieving data from various financial institutions and what requests need to be made to retrieve various financial records for the purpose of improving Sophtron's service.
Sophtron does not de-duplicate or track Financial Account Owners that request records retrieval from more than one Application. If a Financial Account Owner requests the same records using more than one Application those records remain isolated. As soon as the Financial Account Owner disables automation in any one Application the associated records are deleted.
When the Financial Account Owner uses an Application to retrieve their financial records Sophtron accepts credentials that may include authentication information, such as credentials, username, password, security questions and responses, Personal Identification Numbers (PINs), multi-factor authentication responses, security tokens, and/or other information required to authenticate you to connect your Financial Account(s) through the Services. Sophtron then retrieves only the information specified by the Application that may include Account identifying information, including, account name, financial institution name, payroll provider name, account type, account ownership, branch number, account number, and routing number; Balance information, including current and available Financial Account balance; Revolving credit account information, including balance owed, due date, payment amounts and dates, transaction history, credit limit, repayment status, and interest rate; Payroll account information, including employer details, employment description, W2 and tax related information, income amount and dates paid, and amounts withheld for taxes, benefits, and insurance; Loan account information, including due dates, repayment status, balances, payment amounts and dates, interest rate, guarantor, loan type, payment plan, and terms; Investment account information, including transaction information, type of asset, identifying details about the asset, quantity, price, fees, and cost basis; Identifying information about the account owner(s), including name, email address, phone number, date of birth, and address information; and Transaction information, including merchant, amount, date, payee, type, quantity, price, location, involved securities, and a memo or description of the transaction.
Sophtron undergoes regular external audits to ensure SOC 2 Type 2 compliance. All data is stored and transmitted encrypted and all Sophtron servers are located in Amazon Web Services data centers.
Sophtron reserves the right to change this Policy at any time, and any amended Policy is effective upon posting to this Website. Application publishers and hosts are required to make every effort to communicate any significant changes to Financial Account Owners via email or notification via the Application. Your continued use of the Service will be deemed acceptance of any amended Policy.