You’re responsible for creating secure passwords and two-step authentication (2FA)

Two-step authentication can prevent 99.9% of cyberattacks and can give you extra protection against hackers. It’s your responsibility to use strong passwords and set up two-step authentication. Password jokes are a dime a dozen, but security is serious business. Always:

  • Use different passwords for every website and app you use

  • Make passwords long and hard to guess using upper and lowercase, numbers and symbols (Stonk$21 would take 8 hours to crack, IAmaR0ck$tarW3bB0S$4lyF3 would take 7 quadrillion years!)

  • Consider using a password manager app like LastPass or 1Password.

Should things go wrong, we can immediately disable accounts when we’re made aware of an issue - just email our team at

Is my data secure?

Before you sign up to Hatch, we’ll ask you to read and agree to our Hatch terms and privacy. There we outline what information we and our partners hold and why it’s needed.

It’s important you’re also aware that our partners, like our US broker DriveWealth, have their own privacy policies that describe how your personal information is kept safe, and that you’re comfortable with them.

All the data on Hatch is encrypted and securely stored with Amazon Web Services (AWS).

Is my money safe?

We work hard to keep your money safe and have multiple measures in place to take the time to verify who you are and identify potential fraudulent activity. This includes:

  • When you sign up to Hatch we ask for a few personal details to comply with New Zealand and US law - including your NZ driver’s licence, NZ passport or foreign passport - to know it’s you investing and not someone impersonating you.

  • When you want to withdraw your money from Hatch, it’s converted to NZD and can only be sent to your verified NZ bank account.

How we build security checks into Hatch

Security is built into every aspect of our platform and every new feature is reviewed and tested with that in mind. We don’t subscribe to ‘move fast and break things’, and use independent security partners to test our systems every few months to make sure we get it right.

We use automated security testing and are notified in the event of a common vulnerability exposure (CVE) on Hatch. Our partners that hold your money, shares and data follow the latest security practices and undergo regular security audits.

Need help?

Our friendly customer success team is on hand to help if you aren’t sure what to do and get 2FA sorted. If you have seen unusual behaviour on your account, contact us immediately at

Did this answer your question?