Your data is safe with us
Security you can trust
We treat your financial data with the same care you do. Here's exactly how we keep it safe.
256-bit AES Encryption
All data is encrypted at rest and in transit using AES-256 — the same standard used by major banks and financial institutions.
No Stored Bank Credentials
We never see or store your bank login credentials. Bank connections use tokenized, read-only access through Plaid.
SOC 2 Certified Infrastructure
We host on Vercel and cloud providers that hold SOC 2 Type II certification, ensuring your data lives on audited, enterprise-grade infrastructure.
How we protect your information
Infrastructure Security
- Hosted on SOC 2 certified cloud infrastructure (Vercel / AWS)
- All servers run inside private networks with strict firewall rules
- Automated dependency vulnerability scanning with security alerts
- Platform-level uptime monitoring and incident alerting
Application Security
- Multi-factor authentication (MFA) available on all accounts
- Sessions expire after 30 days and are invalidated on password change
- Rate limiting and brute-force protection on all authentication endpoints
- Regular third-party dependency audits and automated CVE scanning
Data Privacy
- We never sell, rent, or share your personal data with advertisers
- You can export or delete all of your data at any time from Settings
- Transparent data processing — see our Privacy Policy for full details
- Consent management: you control which communications you receive
Banking Connections
- Powered by Plaid — the same provider used by Venmo, Robinhood, and Coinbase
- Read-only access — we can never move money or make transactions
- Token-based authentication — your bank password is never stored on our servers
- You can revoke access to any connected account instantly
Have a security question?
Our security team is happy to answer any questions or provide additional documentation.