Pontera’s Commitment to Client Protection


Publication Date: April 10, 2024

We developed Pontera with one mission in mind – to help people retire with greater financial security.  Through our platform, financial advisors have a secure means to review and rebalance your retirement plan accounts as part of your personalized financial strategy.

We understand that retirement savers have a growing need for advisory services and tools to help them budget, bank, and invest across all their financial accounts. Today’s average consumer uses 3 to 4 financial apps, and most believe that the ability to connect their account to apps and services is a top priority when choosing a bank.

Our goal is to ensure that you are able to receive the advice and support you need while your accounts remain secure. 

Your security is our top priority

When you authorize the use of Pontera, you’re entrusting us with your retirement account information and enabling your personal financial advisor to rebalance your account. As such, we want you to have confidence that we are taking meaningful steps to protect your data and assets.

Our robust cybersecurity and data privacy strategies are underpinned by Zero Trust Architecture and compliant with globally-recognized standards including  SOC 2 Type II Certification by Ernst & Young and ISO/IEC 27001 compliance as certified by an accredited ISO body.

Measures we take to safeguard your information include:

  • Rigorous privacy protection: We do not disclose your retirement plan account website credentials to anyone — including your financial advisor. We also firmly believe that your information belongs to you only, and we do not sell or rent it to anyone. Our privacy policies are designed to comply with all federal and state privacy laws and regulations, including the California Consumer Privacy Act (CCPA).

  • Advanced data protection using best-in-class encryption when data is being gathered, transmitted, and stored within the Pontera environment.

  • Secure infrastructure aligns with esteemed industry frameworks such as the CIS Benchmarks 1.4 and NIST guidelines. Our infrastructure is subject to daily internal monitoring by our security team using cloud security posture management (CSPM), and annual audits for SOC 2 Type II compliance certification, to maintain the highest standards of protection.

  • Tightly controlled access requirements grounded in the principles of “least privilege” and Role-Based Access Controls (RBAC) ensure that employees only have access to the data necessary for their roles. Pontera employees complete mandatory background checks, security training, and non-disclosure agreements.

  • Continuous testing, monitoring, and auditing of our cybersecurity capabilities, including retaining external security experts, to get ahead of potential  vulnerabilities and validate resilience.

Rest assured: In the event that you suspect that there has been unauthorized access to your retirement account data that occurs as a result of a security breach to Pontera’s systems, we are committed to working with you to thoroughly assess the situation and to explore appropriate measures to help mitigate negative impacts– including financial assistance– in an effort to make you whole.

Please note that Pontera is not responsible for losses arising due to the acts or omissions of you or your advisor, or a security breach to you, your advisor or any other third party. For clarity, you remain responsible for transactions and other activities made by your investment advisor for you (or any transactions or activities initiated by someone to whom you have given access to your account information and/or account credentials), or that otherwise occur as a result of a compromise of your account credentials.

We will ask for your cooperation with our investigation and may require you to take follow up actions. Pontera may require you to assign certain rights or sign a release form as a condition to receiving financial support from Pontera. We do not cover taxes, legal fees, or any indirect, consequential or non-monetary damages.

If I suspect unauthorized activity has occurred on one of my financial accounts, can I call upon Pontera?   
Absolutely. If it is an account managed via the Pontera platform by your advisor, we will work with you to assess the situation, damages, and potential mitigation measures. 

How can I protect my accounts?
Pontera strongly encourages you and your advisor take reasonable steps to protect your online security, including:

  • The use of strong passwords

  • Regular password updates

  • The use of Multi-Factor Authentication when available

  • Regular review of your financial accounts for suspicious activity

  • Maintaining security protections of your personal computing devices, installing immediately available updates and trusted antivirus software.

  • Learning how to protect yourself from common cybersecurity threats such as phishing, identity-based attacks, and malware.

How does Pontera help my advisor protect my accounts? 
Pontera acts as a secure layer between you and your advisor, eliminating the need for your advisor to ever know your retirement account credentials.

Pontera helps ensure that your advisor can provide you with financial guidance in a safe manner–only ever allowing the advisor to analyze, monitor, and rebalance your retirement plan accounts. Your advisor never has the means to make account transfers, disperse funds, or change beneficiaries via the Pontera platform.

This means that, while your fund allocations may change, absent fraud or malfeasance by a bad actor, there is no way for your savings to leave your retirement account through the Pontera platform.

How do I authorize my financial advisor to manage my retirement plan account via Pontera?
When your financial advisor invites you to the Pontera platform, you will receive a unique, secure invitation link to connect your account. This link is generated via Pontera and associated with your advisor’s firm. Follow the link and subsequent instructions to provide authorization for your advisor to access your account.

What if I no longer wish to have my financial advisor manage my account? 
Please contact your financial advisor to terminate their management service. Pontera is also here for you. You can reach out to Pontera directly at clientconnection@pontera.com.

How does Pontera distinguish rebalancing performed via the Pontera platform from activities performed through other means? 
Pontera maintains a record of all activities performed via the platform and makes this data available to your financial advisor for their own recordkeeping and compliance efforts and obligations. This Pontera platform data is stored securely, with regular backups, and reinforced by operational continuity measures 24/7.

What should I do if suspected unauthorized activity has occurred on my account? 
Contact your financial advisor and Pontera’s Client Connection Desk as soon as possible:

Call the Client Connection Desk at +1 (646) 461-3213
Mon - Fri 9:00AM - 5:00PM (EST)
Schedule a call here.
Email us at clientconnection@pontera.com