Security
How we protect your data and keep your information safe.
No sensitive financial credentials
FundBlender works with publicly available market data. We never ask for brokerage logins, bank credentials, or account numbers. Your portfolio is defined by the ETF tickers and allocations you enter — nothing more.
Encryption in transit
All connections between your browser and our servers use TLS 1.3. API traffic between our internal services is authenticated and encrypted. There is no unencrypted path to your data.
European data hosting
All application servers and data are hosted in Europe, subject to GDPR and strong European privacy protections. Data is encrypted at rest and backed up daily.
Authentication
We support sign-in via Google OAuth. There are no passwords stored on our servers to steal or phish. Session tokens are short-lived and scoped to your account.
Responsible disclosure
If you discover a security vulnerability, please report it to security@fundblender.com. We take every report seriously and will respond promptly.
For more about how we handle your data, see our privacy policy.