All communication between phone and server, and server to 3rd party is communicated via TLS 1.2 using SHA256 with ECDSA encryption.
Communication between server and database is via TLS 1.2 using SHA256 with RSA encryption. It is hosted in Microsoft’s UK West Datacentre in Cardiff.
Data at rest:
On mobile, all data is encrypted using 64-byte key backed by AES-256+SHA2 encryption, which is secure enough for banks for their consumer smartphone apps.
On the server, all data is stored in Microsoft’s UK West Datacentre in Cardiff, using a AES 256-bit cipher. More information can be found at https://www.microsoft.com/en-us/trustcenter