Your safety is
our priority.

Learn more about how Stash keeps you safe,
plus additional ways you can keep your
Stash account secure.

SEC-Registered

We promise to act in your best interests.

Stash is a registered investment adviser with the US Securities and Exchange Commission (SEC).

While such registration does not imply a certain level of skill, it does require us to follow federal regulations that protect you, the investor. By law, we must provide investment advice that is in the best interest of our clients.

Is Stash Safe?

We take steps to protect your money on Stash.

Investing does involve risk but no matter what, your investments on Stash are your investments.

Custodial holding

Your investments are held by our trusted partner and custodian Apex Clearing Corporation, a third-party SEC registered broker-dealer and member FINRA/SIPC.

Apex Clearing is a member of the Securities Investor Protection Corporation (SIPC). This means your investments in your account are protected up to $500,000 total (including $250,000 for claims for cash11). For details, please see www.sipc.org.

Using the FDIC-insured Sweep Program

For uninvested funds, your Stash account is enrolled in something called the Apex FDIC-insured Sweep Program.

Deposits to the Sweep Program are covered by FDIC insurance up to $250,000 limit per customer at each FDIC-insured bank that participates in the Sweep Program. Once your cash is deposited with the participating banks under Sweep Program, such cash will no longer by covered by SIPC. Learn about the FDIC Sweep Program.

Stash also offers FDIC-insured bank accounts12 through Green Dot Bank.

11 To note, SIPC coverage does not insure against the potential loss of market value.
12 Account opening of the debit account is subject to Green Dot Bank approval.

Certifications

Stash security is PCI
DDS compliant.

Stash handles sensitive financial customer data, so we’ve taken steps to secure critical systems and information. Stash has been audited by an external third party to validate compliance with the Payment Card Industry Data Security Standard (PCI DSS).

This standard evaluates all technical controls to ensure that card data is protected and secured from malicious attackers.

Stash Financial Inc. RSI PCI DSS Certificate

Features

Learn more about our security features.

256-bit encryption

We use encryption to protect and secure all of your information, from personal data (like your social security number) to your transaction history.

Bug Bounty Program

We partner with world class security researchers through our private bug bounty program, helping protect the Stash app.

Transport Layer Security (TLS)

Our mobile and web applications use the latest Transport Layer Security protocol to protect your information when communicating with Stash.

Biometric recognition

You have the option to use biometric recognition (such as a fingerprint or facial scan) to access your account.

Access control

Stash uses session end-timers and log-in thresholds to prevent unauthorized access to your account. Stash also offers two-factor authentication to all active debit account customers for additional security.

Cutting-edge technology

We constantly monitor the latest security technologies to make sure that our systems are up to date and comply with industry best practices.

Security whitepaper

Want to know more? Read our whitepaper for in-depth look at how Stash ensures the security of your data in our care.

Read the Security whitepaper

Protect yourself

We encourage you to take these additional
steps to secure your account.

How to improve your password security:

  • Do not create passwords that can be easily guessed, such as your birthdate.
  • Do not use common names and/or numerical sequences as passwords. Examples include: pets, children, social security number, name, address, phone number, username, social media information, 1234, 1111, etc.
  • Do not share your passwords with anyone.
  • Avoid using the same password for multiple institutions/accounts/sites.
  • Always use strong passwords. The most secure passwords are long (12+ characters) and combine uppercase and lowercase letters, numbers, and special characters (!?#@).

How to practice web safety:

  • Sign into your Stash account via stashinvest.com or the Stash mobile application.
  • Only download our mobile application from the iOS App Store and Android Play Store
  • Do not click links or open attachments from unknown parties.
  • Be suspicious of emails from people or companies that are unfamiliar.
  • Avoid using public wifi or internet (hotels, cafes, etc.) to access your accounts
  • Look for the ‘https://’ and lock symbol to verify a website is secure, as seen below:
  • To protect your Stash account, always log out after a session and close your browser.
  • Use two-factor authentication (also known as multi-factor authentication) if they are available to you.

How to protect your equipment:

  • Make sure all software and applications are up to date.
  • Install and use anti-virus and firewall software.
  • Never leave your devices unlocked or unattended.
  • Only download files from sources you trust.

Contact

We’re here if you need us.

Please contact Stash if you suspect you are a victim of fraud, identity theft, or with any other questions or concerns.
We’re always here to help.

Tel: (800) 205-5164

Monday - Friday |
8:30AM–6:30PM ET

Saturday - Sunday |
11:00AM–5:00PM ET

You can also email us at [email protected]
or write to us here.
We’re available every day, 24/7.

FAQ

Browse additional resources and frequently asked questions.

View all security FAQs

Is it safe to link my bank account to Stash?

Stash follows the highest standards for data protection employed by financial firms and the financial services industry worldwide.

That includes using something called 256-bit encryption to secure your information, including personal data and fund purchase history. Stash further secures your account with Secure Socket Layer (SSL) technology, which ensures any information sent between the Stash App and its servers is protected.

What about Stash having access to my bank account?

Stash will never withdraw funds from your checking or savings account without your consent. In order to purchase any of the investments offered through Stash, you need to link a bank account to transfer funds and to make your desired fund purchase.

If you have more questions about whether it’s safe to link your bank account to Stash, send us an email. You can also read more about Stash’s security protocols here.

Is my personal information secure?

Stash employs 256-bit bank-grade encryption to secure all your information, from personal info to purchase history and more. Stash uses Secure Sockets Layer (SSL) to ensure any information sent between the Stash app and our servers is protected

Is Stash regulated?

Yes, Stash is a Registered Investment Adviser. All Registered Investment Advisers (RIAs) are regulated by the Securities and Exchange Commission (SEC).

Is my money safe?

When you use Stash, your information is encrypted and stored on secure servers, and your funds and securities are held with your security in mind.

Your current investments are covered up to a maximum of $500,000 total, including $250,000 in cash balances through the Securities Investors Protection Corporation (SIPC). But SIPC coverage does not insure against the potential loss of market value. For uninvested funds, your Stash account is enrolled in something called the Apex FDIC-insured Sweep Program. And here are the details:

Stash accounts are enrolled in an interest-bearing Federal Deposit Insurance Corporation (FDIC) insured Sweep Program (“Sweep Program”) offered through our clearing firm, Apex Clearing Corp. Uninvested Cash in your Stash account will automatically be transferred into the Sweep Program and will earn interest based on the amount and duration of deposits and applicable interest rates. Deposits to the Sweep Program are covered by FDIC insurance up to the $250,000 limit per customer at each FDIC-insured bank that participates in the Sweep Program.

Once your cash balances are deposited with the participating banks under the Sweep Program, they will no longer be covered by SIPC.

Please ensure that you read the Terms and Conditions of the Sweep Program carefully. As with all investments, you should consider carefully if the Sweep Program meets your investment objectives.

Why does Stash need my social security number?

The Patriot Act requires all financial institutions to obtain, verify, and record information that identifies each person opening an account. We also require your Social Security number to issue you a tax reporting form at the end of the year. Your Social Security number is only used to verify your identity. Stash does not perform a credit check.

How does Stash use my personal information?

You have the right to control how we use your information. Please read our Privacy Policy to learn how we collect, share, use, and protect information when you visit or use our services. Stash’s Privacy Notice also explains how your information is used by us.

Want more information?
You can use these additional resources.

Department of Homeland Security

Additional information and tips on cyber security.

Learn more

Internet Crime Reporting Center:

How to file an internet crime complaint with the FBI.

Learn more

Federal Trade Commission

More information about internet security, identity
theft, and scams.

Learn more

FTC (Password Strength)

Additional information on the importance of
password strength.

Learn more

FCC (Protecting Mobile Devices)

Learn more about how you can protect your mobile device.

Learn more

Free Credit Report

Go here for a free annual credit report.

Learn more