Pikt

    Reward router

    PricingCardsMobileSecuritySupportAbout

    Security

    Your bank access, handled with care

    Pikt is built around a simple promise: we help you earn more without ever being able to touch your money. During the early demo, connections are read-only and routing is simulated until the live Pikt card ships.

    Read-only by design

    Pikt connects to your accounts through Plaid in read-only mode. We can see balances and rewards to route smartly — we cannot move, send, or withdraw your money.

    Bank-grade connections via Plaid

    We never see or store your bank passwords. Plaid — used by thousands of fintech apps — handles the secure connection and tokenized access.

    Encrypted end to end

    All traffic is encrypted in transit (TLS) and sensitive tokens are encrypted at rest. Access tokens are scoped and revocable at any time.

    You're in control

    Disconnect a bank or delete your account at any time. When you do, we revoke the associated access tokens and remove your linked data.

    Least-privilege access

    Privileged operations run server-side behind authenticated APIs. Secrets never reach the browser or mobile app.

    No surprise money movement

    Today's demo recommends the best card and simulates savings — it does not initiate transfers or charges on your behalf. When live routing launches, charges will route to your linked cards under clear user consent.

    What we store — and what we do not

    We store

    • • Tokenized card identifiers (not raw card numbers)
    • • Spending category signals and merchant types used for routing decisions
    • • Routing history — which card was selected, and why
    • • Account preferences and notification settings

    We never store

    • • Bank login credentials — those stay with Plaid
    • • Full card numbers, CVVs, or PINs
    • • Social Security Numbers or government-issued IDs
    • • Real-time account balances — we read them at routing time and do not retain them

    If something goes wrong

    In the unlikely event of a security incident involving your data, we will notify affected users within 72 hours of discovery and give clear guidance on next steps. To report a security concern directly, email security@trypikt.com.

    Pikt is operated by Stack Labs, Inc. d/b/a Pikt Rewards. Have a security question or want to report a concern? Email security@trypikt.com.

    Pikt© 2026
    PricingCardsMobileSecuritySupportContactAboutStatusDisclosuresPrivacyTerms