Is Upside Safe to Link Bank Account?

Upside is a cashback application designed to provide users with savings on everyday purchases, such as gas, groceries, and dining. A common consideration when engaging with financial applications involves the safety of linking personal financial accounts, particularly bank accounts. Understanding the measures an application takes to protect user data is important for making informed decisions about its use.

How Upside Links to Bank Accounts and What Data It Accesses

Upside facilitates the connection to user bank accounts through third-party financial data aggregators like Plaid. These aggregators act as a secure intermediary between your bank and the Upside app. This means Upside does not directly store your bank login credentials.

Once linked, Upside accesses specific types of transaction data from your connected accounts. This data typically includes details like the merchant name, the transaction amount, and the date of the purchase. The application requires this information to identify and verify eligible purchases that qualify for cashback rewards. Upside does not access or store highly sensitive financial details, such as your full bank account balances, Social Security numbers, or complete credit card numbers.

Upside’s Data Protection and Privacy Measures

Upside employs various security protocols and privacy measures to safeguard user data. For data in transit and at rest, the company utilizes encryption technologies, including AES-256 and TLS 1.2 minimums. Additionally, tokenization is employed, which replaces sensitive data with a unique, non-sensitive substitute that has no intrinsic value.

The company maintains a privacy policy that outlines its practices regarding the use and sharing of user data. Upside explicitly states it does not sell users’ personal information or transactional data. For analytical purposes, data may be anonymized or aggregated, meaning it is processed in a way that removes personally identifiable information, allowing for analysis without compromising individual privacy. Upside is also certified with ISO/IEC27001, an international standard for managing information security. Furthermore, their third-party payment processing partners, who handle full credit card data, comply with Payment Card Industry Data Security Standards (PCI DSS).

Upside implements strict access controls, ensuring that employees and contractors are granted access to data only on a need-to-know basis and with the least necessary privileges. Multi-factor authentication is required for internal access. All account activity is logged, monitored, and reviewed to detect and prevent unauthorized access or potential data breaches.

Linking Options for Upside Rewards

For users who may prefer alternatives to linking a bank account, Upside offers the option to link individual credit or debit cards directly. This method still enables users to earn cashback rewards on eligible purchases. When linking a card, the process involves providing the card details, typically the first six and last four digits, which Upside uses to match transactions and verify purchases.

The security measures applied to linked cards are robust, mirroring the protections in place for bank account connections. Users can choose the method that best aligns with their comfort level regarding data sharing, while still participating in the cashback program.