In accordance with Reincubate's position on privacy and data -- and the company's mission to democratise access to data, so individuals and companies can do more with their own data on a transparent and ethical basis -- the API's licensing agreement specifically prevents its use for any unethical purpose, and for integration with any product which is marketed for unethical purposes.
The company has led the industry in developing a number of critical privacy-enhancing features.
Two-factor authentication: 2FA / 2SV
Modules for 2FA are made freely available to all users of the API, and it is recommended that all clients take advantage of the functionality and encourage their end-users to adopt it. Better account security benefits every user of the ecosystem: usernames and passwords alone is not best practice in securing accounts.
In keeping with encouraging adoption of 2FA, the API's tokenisation module is also made freely available to every client. This removes the need to store the most sensitive account credentials, which in turn reduces potential client data exposure.
Low-level account blocking
The API includes a strict account blocking mechanism which allows for completely disabling access to named accounts. Consequently, it is possible (and encouraged) to blacklist access to known high-risk accounts.
Account access notification
Reincubate considers best practices for account security to include automatically emailing end-user account owners at such time as their data is accessed, and do continue to do so on an ongoing-basis. Clients typically want to control this process with their own branding, or to rely on the underlying service provider's messages: however, a mechanism is available in the API which can send a call-back to a client's notification system, such as MailChimp.