Support Sign in

Compliance & Due Diligence FAQ

What type of information will Moov have access to?

Via Jack Henry, Moov receives the legal name, address, phone, and email of the end user who is using Rapid Transfers. When the user links their external debit card, they are providing their card number, expiration date, and security code.

For the financial institution serving as a merchant, Moov requires a number of data elements which are outlined in our onboarding form. These include the name of your primary regulator, EIN, and the account number for the general ledger account used for daily settlement.

Does Moov retain any of this information?

All data is securely stored on Moov’s cloud provider, Google Cloud Platform (GCP). This data is retained for a period of five years. The only exception is that we do not store end users’ debit card security codes, which are not retained when cards are added for use with Jack Henry Rapid Transfers

How will this information be provided to Moov?

End-user data is provided to Moov via secure API integration with Jack Henry. Financial institution information is provided directly from the bank or credit union via Moov’s secure web portal, the Moov Dashboard.

Does Moov maintain a physical security policy?

Moov does not operate a physical facility. All infrastructure is hosted in GCP, and physical security controls are managed by Google in accordance with their industry-standard security practices.

Do third-party/vendor resources have access to Moov’s network?

No, third-party vendors do not have access to Moov’s network.

Will any client data leave the United States?

No, client data does not leave the U.S.

Is production data ever used in non-production environments (e.g., Test, Dev, QA)?

No, production data is not used in non-production environments.

Does Moov maintain a Data Loss Prevention (DLP) policy?

Yes, Moov has Data Loss Prevention (DLP) controls in place. Details can be found in the Moov Financial SOC 2 Type II 2024 audit report, available via the ForClients Portal.

Does Moov maintain cloud security policies?

These are documented in the Moov Financial SOC 2 Type II 2024 Audit, available via the ForClients Portal.

Has Moov experienced any security or data breaches in the past 36 months?

No, Moov has not experienced any breaches during this period.