How Pyrl Protects Your Information
Encryption & Storage
We encrypt all your data, and no one (not even Pyrl employees) can see your transaction data, unless you grant temporary permission, for instance, in order for us to address a support request that you make.
Pyrl uses bank-level security (256-bit SSL encryption) for all our interactions with you. This is the same security level and method used when you connect directly to your financial institutions.
Pyrl also encrypts your data when it is stored in our database (“encryption at-rest”). This means that even if we had an intruder, they would not be able to make any sense of your sensitive data.
Going beyond the usual protections
Pyrl’s security design prevents even our own staff from the ability to see your transaction information. The connection to all sensitive information is separately encrypted using your password, and stored anonymously.
This means that no one but you can ever link your name or identity to your transactions. For this reason, you may be asked to re-enter your password if you want to view your transaction-level details. This also means that if you forget your password, you will need to re-link any debit/credit cards you’ve registered, in order to re-retrieve and re-encrypt these details.
For more technical details, see below.
In addition to the above data protections on your account and transactions, you are also always in control of your Pyrl account.
This includes the ability to de-activate or fully delete your account anytime you wish, as well as to request a secure download of your account data.
In order to perform our comittment to convey your data privacy directives to the businesses you’ve selected, retailers require that we verify you have appointed Pyrl to do so. We do this using the initials you enter when you sign up.
They also need enough information to find you in their systems, so that your privacy requests can be honored. Pyrl provides retailers with a secure API to accomplish this. We only provide each retailer with the minimum information needed to corrctly locate each individual in their records.
Technical note: How can Pyrl really keep my data that secure?
Some under the hood details for the technically curious:
- When you register, internally Pyrl creates a set of characters that represents your internal Pyrl User ID.
- When you create your password, Pyrl uses a certain combination of your internal User ID and your Password as input into an industry standard cryptographic one-way hash, resulting in a Key that unique to you.
- This Key is not reversible, and not able to be associated with you individually, even by Pyrl staff.
- When you next log in or input your Password, that enables us to repeat the process, identify items that match your Key, and show you your information.
- Therefore it’s not possible for anyone, even Pyrl staff, to associate your transaction information to you. This association is only made momentarily when you log in and want to see your information in Pyrl.
- Using this secure approach, without knowing your identity, Pyrl is also able to perform convenience functions for you, such as categorizing your transactions or other helpful features you opt into.
- The results are then displayed to you using the above technique, only when you log in and unlock using your password.
A note on forgotten passwords:
- You can change your password at any time, by entering your old and new passwords.
- Since Pyrl is engineered to guarantee your security, it is important that you remember your password.
- If you forget your password entirely, you may reset it, but because Pyrl has no way to retrieve transactions that were locked with your old forgotten password, you will need re-retrieve any transaction information (credit card or retailer-provided purchase info), which will then be locked with your new password.
- Pyrl periodically purges any dated information in our records that were orphaned from their owner as a result of forgotten passwords.