GWP

Security

Security and Trust

How GWP protects your clients' financial data.

Last updated: June 11, 2026

Growing Wealth Platform (GWP) is a wealth intelligence platform for licensed financial advisors. GWP is not a financial advisor, broker-dealer, registered investment adviser, or bank. The platform surfaces financial data and AI-generated conversation priorities for use by licensed professionals.

GWP accesses financial account data through Plaid, a read-only connection to US financial institutions. Plaid products in use include Transactions, Liabilities, and Auth (depository account verification). GWP also collects self-reported profile and onboarding data and accepts document uploads through the platform.

GWP does not execute transactions, sell personal data, provide investment advice, or share client data with third parties for advertising purposes.

Security standards

Data encryption

Industry-standard encryption at rest and in transit. Plaid access tokens are stored server-side in PostgreSQL and are never exposed to the client application.

Plaid integration

GWP uses Plaid for US financial account connectivity — the same infrastructure used by thousands of financial applications. Access is limited to account data retrieval. GWP does not initiate transfers or modify accounts.

Plaid Security →

Access controls

Client data is accessible only to the client and their connected advisor. Enforced via Clerk authentication, profile-scoped queries, and advisor workspace permissions. No cross-client data access is possible.

SOC 2 in progress

GWP is currently completing SOC 2 Type 1 certification. Expected completion Q4 2026. Documentation available on request.

Regulatory alignment

Regulation S-P

GWP is a technology vendor, not a covered financial institution under Regulation S-P. However, GWP is designed to support your Regulation S-P vendor oversight obligations. We provide security documentation and data handling agreements on request to support your compliance review.

FINRA guidelines

GWP does not provide investment advice, manage assets, or execute transactions. The platform surfaces financial data and AI-generated conversation priorities for use by licensed advisors. All recommendations remain the sole responsibility of the licensed advisor.

Data privacy

GWP complies with applicable US data privacy laws. Client data is processed and stored on US-hosted cloud infrastructure (Vercel, Neon PostgreSQL, Fly.io). Clients may request deletion of their data at any time by contacting help@joingwp.com or security@joingwp.com. See our privacy policy for full details.

Compliance documentation

Available on request or download. Plaid's security programme is documented at security.plaid.com.

  • Data processing agreement
  • Security overview documentDownload
  • Plaid data access scopeDownload
  • Incident response policy
  • SOC 2 Type 1 reportAvailable Q4 2026

Plaid data access scope includes a GWP-specific supplement. For Plaid's own certifications and controls, see security.plaid.com.

Contact

For compliance and security questions contact security@joingwp.com

  • Papa Yaw QuainooFounder & CEO
  • Elias WambuguCTO

We respond to all compliance enquiries within one business day.