Your data is safe with us
Security you can trust
We treat your financial data with the same care you do. Here's exactly how we keep it safe.
256-bit AES Encryption
All data is encrypted at rest and in transit using the same encryption standard used by major banks and financial institutions.
Zero-Knowledge Architecture
We never store your bank login credentials. Connections use tokenized, read-only access through our banking partners.
SOC 2 Type II Certified
Our infrastructure and processes are audited annually by independent third-party auditors to meet rigorous security standards.
How we protect your information
Infrastructure Security
- Hosted on SOC 2 certified cloud infrastructure with 99.99% uptime SLA
- All servers run inside private networks with strict firewall rules
- Automated vulnerability scanning and penetration testing every quarter
- Real-time intrusion detection and 24/7 security monitoring
Application Security
- Multi-factor authentication (MFA) available on all accounts
- Session tokens automatically expire after periods of inactivity
- Rate limiting and brute-force protection on all endpoints
- Regular third-party code audits and dependency scanning
Data Privacy
- We never sell, rent, or share your personal data with advertisers
- You can export or delete all of your data at any time
- GDPR, CCPA, and PIPEDA compliant
- Transparent data processing — see our Privacy Policy for full details
Banking Connections
- Powered by Plaid — the same provider used by Venmo, Robinhood, and Coinbase
- Read-only access — we can never move money or make transactions
- Token-based authentication — your bank password is never stored on our servers
- You can revoke access to any connected account instantly
Have a security question?
Our security team is happy to answer any questions or provide additional documentation.