Security Overview

All data is transmitted via HTTPS and encrypted in transit. We use TLS 1.2+ for all communications between the app, our servers, and third-party providers.

Access tokens and transaction data are stored securely with access controls. Data at rest is encrypted using industry-standard AES-256 encryption.

Session-based authentication is used to protect user accounts. We use one-time email codes instead of passwords, eliminating the risk of credential stuffing attacks.

Servers are protected using industry-standard security practices including firewalls, intrusion detection, and regular security audits.

We rely on Plaid and trusted infrastructure providers for secure data processing. All third-party providers are vetted for compliance with security standards.