Security
Your money. Your data. Protected.
We built Sampul with the same security standards you expect from a financial institution — and we'd rather show you how than shout about it.


Double-locked vault
Encryption at rest and in transit — your data stays sealed.

Read-only keys
Bank connections can see balances — never move your money.
Biometric unlock
Face ID and fingerprint stay on your device, not ours.

Hardened cloud
Enterprise infrastructure with monitoring and backups.

Encryption
Your data is encrypted in transit using TLS and encrypted at rest on our infrastructure. Sessions are secured and expire automatically after inactivity, so a forgotten open tab doesn't become a risk.

Read-only connections
Sampul aggregates your financial data — it does not initiate transfers or payments. Bank connections are read-only by design: there is no capability to move your money, which means there is no such capability to compromise.

Access control
Two-factor authentication protects your login, biometric unlock (Face ID and fingerprint) protects the mobile app, and household permissions control exactly what each family member can see. You decide who sees what, per account and per document.

PDPA compliance
We process personal data in line with Malaysia's Personal Data Protection Act 2010. You can access and export your data, correct it, and delete your account and its data entirely — most of it self-service from Settings, all of it detailed in our Privacy Policy.

Infrastructure
Sampul runs on enterprise-grade cloud infrastructure with managed database security, continuous monitoring, and routine backups. We keep our stack boring where it matters: proven providers, least-privilege access, and audit logging.

Responsible AI
Sampul AI uses your financial data for one purpose: answering your questions and improving your plan. Your data is not sold to third parties, and it is not used to advertise to you.

Incident response
If an incident ever affects your data, we will tell you — clearly, promptly, and with specifics about what happened and what we're doing about it. We maintain an internal incident-response process and notify affected users and regulators as required by law.

Report a vulnerability
Security researchers are welcome. If you believe you've found a vulnerability in Sampul, email security@sampul.app with the details. We read every report, respond quickly, and won't take action against good-faith research.
security@sampul.app →Questions about security?
Read the security articles in our Help Center, or email security@sampul.app.
Sampul is a financial planning platform, not a licensed bank or investment manager, and does not hold or move client money. Investment and estate guidance through TSI Wealth Planners is provided by licensed professionals. Past performance does not guarantee future results. Full legal disclosures →
