Secure portfolio tracking

Your broker credentials never touch our servers. Your data is encrypted, US-hosted, read-only, and never sold.

The three things to know

Linking an investment account to a third-party app is a reasonable thing to be cautious about. Here's what we've built so you don't have to be.

1. Your credentials never touch Ziggma

For the large majority of major brokers, your login happens directly on the broker's own site through OAuth — the same protocol used by Google, Apple, and the rest of modern web infrastructure. Your username and password are never seen by Plaid, SnapTrade, or Ziggma. A secure token grants Ziggma permission to read your portfolio data, nothing more, and you can revoke it at any time.

2. The connection is read-only

Ziggma can see your positions, balances, and transactions. We cannot move money, place trades, or change anything in your brokerage account. Data flows one way: from your broker into Ziggma. Nothing flows back.

3. Your data is encrypted, end-to-end

All data is encrypted at rest with AES-256 — the same algorithm used to protect classified government data — and in transit with TLS, the standard that secures online banking. Our infrastructure is hosted on Amazon Web Services in the United States.

How linking actually works

Behind the scenes, the connection between your broker and Ziggma is handled by one of two specialist financial data aggregators: Plaid or SnapTrade. They're the same firms that power household-name fintech apps used by tens of millions of people, and they're purpose-built for one job — making this kind of connection safely.

Roughly 1 in 2 US adults has linked a financial account through Plaid, which connects to more than 12,000 financial institutions across the US, Canada, UK, and Europe and powers over 7,000 financial apps. SnapTrade specializes specifically in brokerage and retirement accounts, with access to 30+ brokers and over 125 million reachable accounts.

When you click "Link account" in Ziggma:

For the small number of institutions that don't yet support OAuth, credentials are passed directly to the broker through the aggregator's encrypted channel and are never seen by Ziggma. In SnapTrade's case, any stored credentials are encrypted with AWS Key Management Service (KMS).

Encryption and infrastructure

Your data is protected at every layer of the stack — on Ziggma's servers, on the aggregators' servers, and in transit between them and you.

Encryption at rest

Databases and backups sit on US-based Amazon Web Services infrastructure and are encrypted with AES-256. Even if a backup were somehow obtained, it would be computationally infeasible to read without the decryption keys, which are managed separately.

Encryption in transit

Every page on Ziggma is served over HTTPS using TLS, so data cannot be intercepted between our servers and your browser. The same standard protects data moving between your broker and the aggregators.

Where your data lives

All Ziggma data is stored on AWS infrastructure in the United States. AWS data centers are independently certified to SOC 1, SOC 2, SOC 3, ISO 27001, PCI DSS, and FedRAMP, with multiple layers of physical and network security.

Third-party security credentials

We rely on Plaid and SnapTrade for the broker connection itself, and both hold the certifications that matter for financial data:

You stay in control

Three layers of control are always in your hands:
When you delete your Ziggma account, we delete all your data from our database, terminate any active broker connections, and automatically notify the third-party aggregators so they stop syncing data. And we'll repeat what's already been said elsewhere on this page: we have never sold user data, and we never will.

FAQ

Does Ziggma sell my data?
No, and we never will. Our business model is software-as-a-service: we earn revenue by charging a small monthly or annual fee for the features and insights on the Premium plan. That model only works if you trust us — so selling your data would not just be wrong, it would be commercially suicidal.
Does Ziggma see my broker login credentials?
No. Ziggma never sees, stores, or processes your broker login credentials. The connection is handled by Plaid or SnapTrade, and for the large majority of brokers — Fidelity, Schwab, Robinhood, E*TRADE, Interactive Brokers, and others — credentials are entered only on the broker's own site through OAuth, so not even the aggregator sees them. In the few cases where credentials are required, they're passed directly to the broker through the aggregator's encrypted channel and never enter our systems.
Can Ziggma move money or place trades in my account?
No. For portfolio tracking, the connection is strictly read-only. We can see what you hold and how it's performing, but we cannot transfer funds, place trades, or change any setting in your brokerage account. The connection is one-way.
What happens if Ziggma's servers were breached?
We design for the worst case, and three layers of protection still apply:
• Your broker login credentials are not on our servers in the first place — there is nothing to steal.
• Stored data is encrypted with AES-256. An attacker who copied the database would hold ciphertext that cannot be decrypted without the keys, which are managed separately.
• Data in transit is protected by HTTPS/TLS on every page, so it cannot be intercepted between our servers and your browser.
What happens to my data when I delete my account?
All of it is deleted from our database. We terminate any active broker connections, and the third-party aggregators are notified automatically so they stop syncing data. If you want to go further and also delete the data Plaid or SnapTrade hold about you, you can do that directly through their own portals at any time.