Learn About SCRA
Complete SCRA Guide Eligibility Requirements How to File Claims National Guard Reserves
All Protections
6% Interest Rate Cap Retroactive Refunds Lease Termination Eviction Protection Foreclosure Protection Contract Cancellation Insurance Protections Tax Protections Legal Protections Court Stays
Landlords & Leases
All Landlords Greystar General Guide
Services & Contracts
All Services Auto Leases Verizon Planet Fitness
By Lender
All Lenders Chase USAA Navy Federal
By Debt Type
All Debt Types Auto Loans Mortgages Credit Cards Student Loans
Product & Intel
Pricing Intel Support
Sign In
Sign Up

Your Data, Fortified

You're trusting us with sensitive military and financial information. Here's exactly how we protect it.

256-bit
SSL Encryption
SOC 2
Type II Certified
Zero
Data Breaches
24/7
Monitoring

Industry-Standard Certifications

Independently audited. Continuously monitored. Verifiable security.

SOC 2 Type II

Annual third-party audit verifying our security controls meet rigorous standards for data protection, availability, and confidentiality.

256-bit SSL/TLS

All data transmitted between your browser and our servers is encrypted with the same standard used by major banks and financial institutions.

AES-256 at Rest

Your data is encrypted when stored in our databases. Even if someone accessed our servers, your information would be unreadable.

Defense in Depth

Multiple layers of protection. No single point of failure.

Network Security
DDoS protection, WAF, rate limiting, IP filtering
Application Security
Input validation, CSRF protection, secure headers
Authentication
Secure password hashing, 2FA support, session management
Data Encryption
AES-256 at rest, TLS 1.3 in transit, encrypted backups
Your Protected Data

Access Controls

  • Role-based access—employees only see what they need
  • All access logged and audited
  • Background checks for all team members
  • Automatic session timeouts

Monitoring & Detection

  • 24/7 automated threat monitoring
  • Anomaly detection for suspicious activity
  • Real-time alerting for security events
  • Regular penetration testing

Secure Development

  • Security-first code reviews
  • Automated vulnerability scanning
  • Dependency monitoring for CVEs
  • OWASP Top 10 compliance

Infrastructure

  • AWS hosting with SOC 2 compliance
  • Automated encrypted backups
  • Geographic redundancy
  • Regular disaster recovery testing

Our Security Partners

We only work with industry-leading providers who meet our security standards.

Plaid

Bank Account Verification

SOC 2 Type II ISO 27001 PCI DSS

Stripe

Payment Processing

PCI Level 1 SOC 2 SSAE 18

AWS

Cloud Infrastructure

SOC 1/2/3 FedRAMP ISO 27001

Your Security Checklist

Steps you can take to protect your account

Use a Strong, Unique Password

At least 12 characters with a mix of letters, numbers, and symbols. Don't reuse passwords from other sites.

Enable Two-Factor Authentication

Add an extra layer of security by requiring a code from your phone in addition to your password.

Watch for Phishing

We'll never ask for your password via email. Always access SCRA Saver by typing the URL directly.

Keep Your Devices Secure

Use up-to-date browsers and operating systems. Avoid accessing your account on public computers.

Our Incident Response Commitment

While we've never had a data breach, we have a detailed plan if one ever occurs. Transparency is non-negotiable.

Immediate Containment

Isolate affected systems, revoke compromised credentials, stop the breach from spreading.

Notify Affected Users Within 72 Hours

If your data is involved, you'll hear from us directly with clear information about what happened.

Provide Remediation Support

We'll offer credit monitoring, identity protection, and any other support needed.

Publish Post-Incident Report

Full transparency about what happened, how we fixed it, and what we're doing to prevent recurrence.

Your Data is Protected

Questions About Security?

We're happy to answer any questions about how we protect your data.

Contact Security Team View Privacy Policy