Security & Privacy
How your financial data is protected — written plainly, including the limitations.
Access & Authentication
Google sign-in only
You log in with your existing Google account. There's no separate password to create or lose. Authentication is handled by AWS Cognito and Google: your Google password is entered only on Google's own pages and is never sent to this app, which receives just the sign-in token Cognito issues once Google has confirmed who you are.
Allowlist — not open to the public
Only email addresses that have been explicitly approved can log in. Even a valid Google account is blocked at the door if it's not on the list. You were added before you received this link.
Every request is verified server-side
After login, every API call carries a short-lived token issued at sign-in. The server validates it on each request (signature, issuer and expiry) and serves only the data belonging to the account named in that token, so guessing another user's URL gets you nothing: the request is refused.
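What "verified server-side" looks like in code, as an added example that is not the app's own code. Cognito signs its tokens with RS256 and publishes the public keys as a JWKS; here an HS256 shared secret stands in so the example runs offline, but the claim checks and the rule that the user's identity comes from the verified token rather than from the URL are the same. The issuer, audience, secret, user IDs and balances are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import re
import time

# Added example, not the app's code. Cognito signs tokens with RS256 and
# publishes its public keys as a JWKS; an HS256 shared secret stands in here so
# the example runs offline. The claim checks and the "identity comes from the
# token" rule are the same either way. All names and values are constructed.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
AUDIENCE = "example-app-client-id"
SECRET = b"constructed-secret-never-use-in-production"

# Constructed per-user data; in the app this is each user's private S3 folder.
STORE = {
    "sub-alice": {"balance": 1250.40},
    "sub-bob": {"balance": 98.10},
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(sub: str, ttl_seconds: int = 3600, now=None) -> str:
    """Issue a signed token for `sub`; only the identity provider does this."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": sub, "iss": ISSUER, "aud": AUDIENCE,
              "iat": now, "exp": now + ttl_seconds}
    signing_input = (b64url_encode(json.dumps(header).encode()) + "." +
                     b64url_encode(json.dumps(claims).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def tamper_sub(token: str, new_sub: str) -> str:
    """Attacker move: rewrite the sub claim but keep the original signature."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(claims_b64))
    claims["sub"] = new_sub
    return header_b64 + "." + b64url_encode(json.dumps(claims).encode()) + "." + sig_b64


def verify_token(token: str, now=None) -> dict:
    """Return the claims if the token is authentic and current; raise otherwise."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm server-side; never let the token choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(SECRET, f"{header_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("token was not issued for this app")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def handle_request(token: str, path: str, now=None):
    """Serve GET /users/<id>/balance. Identity comes from the token, not the URL."""
    try:
        claims = verify_token(token, now)
    except ValueError as err:
        return 401, {"error": str(err)}
    match = re.fullmatch(r"/users/([^/]+)/balance", path)
    if match is None:
        return 404, {"error": "no such route"}
    # A guessed URL is not enough: the id in the path must be the caller's own.
    if match.group(1) != claims["sub"]:
        return 403, {"error": "forbidden"}
    return 200, {"balance": STORE[claims["sub"]]["balance"]}


if __name__ == "__main__":
    t0 = 1_700_000_000
    alice = mint_token("sub-alice", now=t0)
    print(handle_request(alice, "/users/sub-alice/balance", now=t0))            # own data
    print(handle_request(alice, "/users/sub-bob/balance", now=t0))              # 403
    print(handle_request(tamper_sub(alice, "sub-bob"), "/users/sub-bob/balance", now=t0))  # 401
    print(handle_request(alice, "/users/sub-alice/balance", now=t0 + 3601))     # 401, expired
```

The two checks that matter are the last ones in `handle_request`: the signature check means a token edited to name another user is rejected outright, and the comparison of the path's user ID against the token's `sub` means a valid token for one account cannot be pointed at another account's URL.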
Bank Connection
Your bank credentials never touch this app
Bank linking is handled entirely by Plaid — the same service used by Venmo, Robinhood, and thousands of financial apps. You enter your bank username and password directly into Plaid's secure interface. This app only ever receives a read-only access token in return.
Read-only access
The Plaid connection only reads balances and transactions. It cannot initiate transfers, move money, or make any changes to your accounts.
Data Storage
Encrypted at rest
Your data is stored in a private AWS S3 bucket with server-side encryption (AES-256). Public access to the bucket is blocked; only the app's backend functions are permitted to read or write it.
Your data is isolated from other users
Each user's files are stored under a unique folder named by their account ID, and the backend only ever reads or writes under the folder belonging to the account it has just authenticated. There's no way for one user to read another user's balances, transactions, or history.
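How a backend keeps that per-user folder boundary honest, as an added example rather than the app's own code. Cognito issues each account ID as a UUID, so the code refuses anything else before it is ever used in an object key, only allows a fixed set of file names, and treats the trailing slash as part of the folder boundary when deciding what a user may see. The bucket name, file names and account IDs are constructed for the example.

```python
import posixpath
import re

# Added example, not the app's code; bucket name and layout are constructed.
# Cognito issues the account ID ("sub") as a lowercase UUID, so anything else
# is refused before it can be used in an object key.
BUCKET = "example-finance-data"
SUB_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
ALLOWED_FILES = {"balances.json", "transactions.json", "history.json"}


def user_prefix(sub: str) -> str:
    """The folder for one account. The trailing slash is part of the boundary."""
    if not SUB_RE.match(sub):
        raise ValueError("refusing to build a key for a malformed account id")
    return f"users/{sub}/"


def object_key(sub: str, filename: str) -> str:
    """Build the only keys the backend will touch for this account."""
    if filename not in ALLOWED_FILES:
        raise ValueError("unknown file")
    key = user_prefix(sub) + filename
    # Defence in depth: a normalised key must still sit inside the user's folder.
    if posixpath.normpath(key) != key or not key.startswith(user_prefix(sub)):
        raise ValueError("key escapes the user's folder")
    return key


def is_rejected(sub: str, filename: str) -> bool:
    """True if the (account id, file name) pair is refused by object_key."""
    try:
        object_key(sub, filename)
    except ValueError:
        return True
    return False


def owned_by(sub: str, key: str) -> bool:
    """True only if `key` lies inside this account's folder."""
    return key.startswith(user_prefix(sub))


def visible_keys(sub: str, all_keys) -> list:
    """Filter a bucket listing down to what this account may see."""
    return [k for k in all_keys if owned_by(sub, k)]
```

The strict UUID pattern does most of the work: an account ID can never contain `/` or `..`, so a traversal attempt fails before any key is built, and the allowlist on file names closes the same hole from the other side. The trailing slash in `user_prefix` matters for listings: matching on `users/<id>` alone would also match `users/<id>x/...` if IDs could share a prefix.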
Encrypted in transit
All traffic between your browser and the app uses HTTPS with a TLS certificate issued by Amazon. Unencrypted connections are not accepted.
Honest Limitations
⚠ What this app is not
- This is a personal project, not a registered financial institution. It has not been independently audited or penetration-tested by a third party.
- Your login token is stored in your browser's local storage. This is common practice for web apps, but it means any malicious browser extension with broad permissions, or any script that managed to run inside the page, could read it and use it until it expires. The token's short lifetime limits how long a stolen copy stays useful.
- Access is managed manually by Nathan. If you ever want to be removed, just ask — it takes a few minutes.
- The AI chat feature (Claude) sends your recent transaction summaries to Anthropic's API to generate responses. No account numbers or bank credentials are included — only amounts, categories, and dates.
Questions or concerns? Contact Nathan directly at nrbarnard@gmail.com. If you want your data removed or your access revoked at any time, he can do it immediately.