Security
Bank level encryption & stringent consumer privacy policies
Compliance
In order to provide clients with “Proactive Service”, advisors must share client PII with Sora including name, phone number, date of birth, and social security number. This information is used to verify client identity and connect to credit agency providers to import client liability data in real time. There is a one time authorization and verification, after which sensitive client information is purged from Sora’s databases.
RIA compliance lawyers have reviewed Sora’s client onboarding process and confirmed that SEC and state regs do not prohibit advisors from onboarding clients to Sora using PII including SSN. Policies allow for advisors to share client data with 3rd parties in order to provide planning and advisory services to clients and their accounts.
Sora does not share client data with any 3rd parties until and unless a client requests that we do so in the case of facilitating a lender introduction. Sora will also never contact clients without an advisor’s express permission.
Data Security
✓ All PII stored by Sora is encrypted (256-bit encryption). PII is only stored momentarily to pull credit score, liability information. The PII is then deleted.
✓ Sora does not store any user payment information
✓ All traffic (connections between Sora’s front-end and back-end and all internal connections) is routed through the secure layer HTTPS
✓ The Sora security team is happy to work directly with your team to meet any additional compliance or security requirements you may have
