Help CenterAbout UsAccount ProtectionsProtecting Customer Information
Category
About Us
  • Company Overview
  • Account Protections
  • Disclaimers & Disclosures
Account & Login
Bank Transfer
Asset Transfer
Trading & Investing
Retirement
Documents & Taxes
Webull Premium
Promotions
Market Data & Analysis
Features & Navigation

Protecting Customer Information


At Webull, protecting your personal information is more than just a regulatory obligation—it is a fundamental part of who we are as a company. We understand that trust is the cornerstone of any financial relationship, and we are committed to safeguarding the data you share with us. Beyond meeting industry standards and compliance requirements, we hold ourselves to the highest ethical standards to ensure your privacy and security.


This FAQ page is designed to answer common questions about how we protect your information, demonstrating our dedication to transparency and your peace of mind as a valued client.


Why does Webull collect my personal information?

Webull collects personal information to provide and enhance its services, ensure compliance with legal obligations, and improve user experience. This includes collecting your legal name, date of birth, and social security number so that we can verify your identity in order to comply with U.S. law. We also collect contact data (like email and phone number), financial data (including bank account details and income), and usage information (such as device identifiers and browsing activity) in order to enhance our services and to prevent fraud.


How does Webull protect my personal information?

Webull employs industry-leading security measures to protect your personal information. Our safeguards include a wide range of practices, highlighted by:


  • System features and configuration settings designed to authorize user access while restricting unauthorized users from accessing information not needed for their role;
  • Use of intrusion detection systems to prevent and identify potential security attacks from users outside the boundaries of the system;
  • Regular vulnerability scans over the system and network, and penetration tests over the production environment;
  • Operational procedures for managing security incidents and breaches, including notification procedures;
  • Use of advanced encryption technologies to protect customer data both at rest and in transit;
  • System performance and availability monitoring mechanisms to help ensure the consistent delivery of the system and its components.
  • Business continuity and disaster recovery plans that include detailed instructions, recovery point objectives, recovery time objectives, roles, and responsibilities.
  • Voluntarily subjecting ourselves to annual external audits, including Penetration Testing and SOC 2 Type 2 Audits.

We are committed to safeguarding your information through robust physical, technical, and administrative security measures.


Is my data encrypted at Webull?

Yes, your data is encrypted both in transit and at rest. Webull uses state-of-the-art encryption protocols to encrypt all data exchanged between our servers and your device. We also store sensitive information using strong encryption algorithms to provide an additional layer of protection.


Where is my data stored?

Webull utilizes Amazon Web Services (AWS) data center exclusively for all its production platforms and data storage platforms. Specifically, Webull’s primary data center is located in AWS’s North America Cloud with physical location in Northern Virginia, our backup data center is located in AWS’s North America Cloud with physical location in Northern California.


How does Webull protect my account from unauthorized access?

Webull offers multi-factor authentication (MFA) to enhance the security of your account. In addition, we have implemented device and behavioral monitoring to detect and block any suspicious login attempts or activities, including Abnormal IP Address login monitoring.


Does Webull share my information with third parties?

Webull only shares personal information with trusted third-party service providers as necessary to offer our services or comply with legal obligations. We have stringent agreements in place with these providers to ensure they maintain the same level of security and privacy as we do. Webull does not sell customer data to third parties. Webull does not provide your personal information to third-party marketers.


How can I manage my data and privacy settings?

You can manage your privacy settings through the Webull app or website. We provide clear controls for you to access, update, and delete your personal information as required. If you have specific concerns about your data, our support team is available to help.


What steps does Webull take to ensure compliance with data privacy laws?

Webull complies with all applicable data privacy laws and regulations, including Regulation S-P and the California Consumer Privacy Act (CCPA). We also have dedicated teams focused on privacy and data security to ensure our practices remain compliant with evolving regulations.


What should I do if I suspect my information has been compromised?

If you suspect unauthorized access or any compromise of your account or personal information, please contact Webull's support team immediately. We will work with you to secure your account and investigate any potential security issues.


What is a SOC 2 Type 2 Audit and why is it important?

A SOC 2 Type 2 audit is an independent, third-party evaluation designed to assess how an organization manages customer data based on five key principles: security, availability, processing integrity, confidentiality, and privacy. Unlike a Type 1 audit, which reviews the design of controls at a single point in time, a Type 2 audit examines how those controls operate over an extended period—typically six months or more. This rigorous process provides assurance that the organization has implemented effective measures to protect sensitive data and has consistently maintained those measures over time. For companies like Webull Financial LLC, completing a SOC 2 Type 2 audit demonstrates our ongoing commitment to data security, operational excellence, and customer trust.


In October 2024, Webull Financial LLC’s parent company, Webull Corporation, achieved SOC 2 Type II compliance in accordance with American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations also known as SSAE 18. Achieving this standard with an unqualified opinion serves as third-party industry validation that Webull Corporation provides enterprise-level security for customer’s data secured in the Webull Corporation System.


Webull Corporation was audited by Prescient Assurance, a leader in security and compliance attestation for B2B, SAAS companies worldwide. Prescient Assurance is a registered public accounting in the US and Canada and provides risk management and assurance services which includes but is not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR. For more information about Prescient Assurance, you may reach out them at info@prescientassurance.com.


An unqualified opinion on a SOC 2 Type II audit report demonstrates to Webull Corporation’s current and future customers that they manage their data with the highest standard of security and compliance.

Was this helpful?
Yes
No
Related Articles