1) Blueleaf protects you structurally because we are a read-only system.
Even if someone managed to gain access to your Blueleaf account, they cannot move money.
2) Blueleaf doesn’t store your user name and password, EVER.
When you provide your bank username and password, this simply establishes a secure one-way connection with your bank authorizing Blueleaf to download transactions and holdings information on your behalf. Our partners handle the storage of your account security credentials, so it’s never retrievable from your Blueleaf account. These partners, ByAllAccount, Yodlee and Quovo, do the same for Fidelity, Bank of America and likely your bank. They manage information on 100s of $billions and have never been compromised.
3) To prevent even the viewing of your data, Blueleaf has bank-level data security.
That means we have the same level of data encryption your bank does. We also have bank-level physical security. Our servers are located in an unmarked secure building which requires a palm scan to gain entry. After making it past guards, you have to go through a “man-trap” where one door will not open until the other closes and you again have biometric access. Once you get inside, our servers are in a locked cage monitored with 24/7 video surveillance. Get inside, and the racks themselves are locked. Break those open, and our hard drives are encrypted. It’s seven layers of protection. All that’s missing are the electrified floors...
Additional detail is available here: http://www.blueleaf.com/security/