Security at The Budget App
At The Budget App, your financial security is our top priority. You trust us with sensitive data — and we’ve built every layer of our platform with privacy, safety, and transparency in mind.
🔒 Access Controls
Your financial data is yours — private, secure, and protected by default.
- All the data you create (expenses, budgets, transactions, etc.) is only accessible to you
- Our team does not access user data under normal circumstances
That said, we do have the ability to access account-level data if absolutely necessary, such as:
- Responding to a technical support request from you
- Fulfilling a legal obligation or complying with a valid court order
This access is strictly limited, audited, and performed only by authorized personnel on a case-by-case basis. We take this responsibility seriously.
🔒 Important: Your password is encrypted and cannot be viewed by anyone — not even our team.
🔑 Strong Account Protection
We implement multiple layers of protection to safeguard your login and account:
- Enforced strong password requirements
- Blocklist for weak or common passwords
- Rate-limiting and temporary lockouts after multiple failed login attempts to stop brute-force attacks
- Encrypted password storage — your password is never stored in plain text
🧱 Bank-Grade Encryption
Your data is protected using secure encryption protocols at all times:
| When | How |
| --- | --- |
| In Transit | TLS (HTTPS) Encryption |
| At Rest | AES-256 Encrypted Storage |
All communication between your device and our servers is protected with modern HTTPS protocols.
🏦 Secure Bank Integration with Plaid
We use Plaid, a trusted financial data provider, to connect securely with your real bank accounts.
- We never see or store your bank login credentials
- When available, authentication happens directly with your bank using OAuth
- Only essential information (like balances and transactions) is retrieved
- We do not request or store your name, address, or other personal details from your bank
Read more at Plaid’s Privacy Policy.
🧰 Secure Infrastructure
The Budget App is built on a modern and secure stack:
| Layer | Technology |
| --- | --- |
| Frontend | Vue.js + Capacitor |
| Backend | Parse Server |
| Hosting | Heroku (on Amazon Web Services) |
| Database | MongoDB Atlas |
Certifications & Security
Our infrastructure benefits from:
- AWS & Heroku security certifications (ISO 27001, SOC 2, PCI DSS, and more)
- MongoDB Atlas with IP whitelisting, data encryption, and role-based access controls
🔐 Privacy-First by Design
We design everything with your privacy in mind:
- Each item you create is stored with access permissions that ensure only you can see your data
- We do not sell, rent, or share your data with third parties
- We only collect the information needed to help you manage your money
🧼 Account Deletion & Data Retention
When you delete your account:
- Your data is completely and permanently erased
- We do not retain deactivated or hidden versions of your data
- Inactive accounts may be auto-deleted after 12 months
📡 Network & Traffic Protection
We enforce strict network security:
- All traffic is encrypted via TLS (HTTPS)
- We use modern cipher suites and browser-level protections
- Advanced headers (like Content Security Policy) help prevent malicious behavior
🙅‍♂️ No Password Requests — Ever
We will never ask for your password, banking credentials, or login codes by email, phone, or message.
Always make sure you're logging in at:
🔗 https://app.thebudget.io
If you suspect phishing or suspicious activity, please contact us immediately.
🐞 Report a Security Issue
If you discover a vulnerability or potential issue, we want to hear from you.
📧 Contact: security@thebudget.io
We treat every report seriously and appreciate help from our community in keeping The Budget App safe.
✅ Final Word
Security isn’t just a feature — it’s part of our foundation. From secure infrastructure to strict internal controls, we’ve built The Budget App to protect your financial life from day one.
If you have any questions about your security or privacy, we’re always here to help.