Free while in early access — limited time

Security

Your money. Your data. Protected.

We built Sampul with the same security standards you expect from a financial institution — and we'd rather show you how than shout about it.

Double-locked vault

Encryption at rest and in transit — your data stays sealed.

Read-only keys

Bank connections can see balances — never move your money.

Biometric unlock

Face ID and fingerprint stay on your device, not ours.

Hardened cloud

Enterprise infrastructure with monitoring and backups.

Encryption

Your data is encrypted in transit using TLS and encrypted at rest on our infrastructure. Sessions are secured and expire automatically after inactivity, so a forgotten open tab doesn't become a risk.

Read-only connections

Sampul aggregates your financial data — it does not initiate transfers or payments. Bank connections are read-only by design: there is no capability to move your money, which means there is no such capability to compromise.

Access control

Two-factor authentication protects your login, biometric unlock (Face ID and fingerprint) protects the mobile app, and household permissions control exactly what each family member can see. You decide who sees what, per account and per document.

PDPA compliance

We process personal data in line with Malaysia's Personal Data Protection Act 2010. You can access and export your data, correct it, and delete your account and its data entirely — most of it self-service from Settings, all of it detailed in our Privacy Policy.

Infrastructure

Sampul runs on enterprise-grade cloud infrastructure with managed database security, continuous monitoring, and routine backups. We keep our stack boring where it matters: proven providers, least-privilege access, and audit logging.

Responsible AI

Sampul AI uses your financial data for one purpose: answering your questions and improving your plan. Your data is not sold to third parties, and it is not used to advertise to you.

Incident response

If an incident ever affects your data, we will tell you — clearly, promptly, and with specifics about what happened and what we're doing about it. We maintain an internal incident-response process and notify affected users and regulators as required by law.

Report a vulnerability

Security researchers are welcome. If you believe you've found a vulnerability in Sampul, email security@sampul.app with the details. We read every report, respond quickly, and won't take action against good-faith research.

security@sampul.app →

Questions about security?

Read the security articles in our Help Center, or email security@sampul.app.

Sampul is a financial planning platform, not a licensed bank or investment manager, and does not hold or move client money. Investment and estate guidance through TSI Wealth Planners is provided by licensed professionals. Past performance does not guarantee future results. Full legal disclosures →