At Budgets, we take security and privacy very seriously. Here are a few of the ways we protect your data:
We enforce bank level encryption for all communication between you and our servers. What does that mean? For you techy folks, we use TLS v1.2 with AES 128 bit encryption (or higher). That means that there are 2^128 or about 34,000,000,000,000,000,000,000,000,000,000,000 different combinations that a malicious hacker would need to try to break the encryption, way out of reach for even the most powerful computers. This is considered industry standard so you can rest assured no one will be stealing your data over the network.
We host all of our code using Amazon Web Services (or AWS for short). AWS is used by some of the largest organizations in the world including Netflix, Disney, NASA, and the US department of State. All of Budgets data is encrypted-at-rest, which means we encrypt all the hard-drives where sensitive data is stored. So even if someone broke into Amazon's datacenter and stole our servers, they would then need to break the encryption before they could access any data.
We require strong passwords to create a Budgets account, requiring at least 8 characters with at least one upper case character, lower case character and a number. This helps make it more difficult for a computer to guess your password. We also will NEVER be able to see your password. We salt and hash (more techy terms) each password before it's stored in our database. That means that if someone were to hack into our AWS account, AND download our database, AND crack the encrypted database, they still wouldn't be able to see your password. Not even we can see your password.
Speaking of passwords, we DO NOT and will NEVER store your bank username or password. We use a third party called Plaid to store bank credentials and communicate with the many different banks Budgets supports. They are owned by Visa, and have a very high security standard. If you'd like, you can read more about it on Plaid's Security Page.
Your privacy is important to us, so we do not view or monitor your budgeting activity, bank balances, or transactions on a regular basis. There are times when we may look into your budget in order to help you troubleshoot an issue, but access is very limited, and only used when necessary.
Have a question about security that wasn't answered here? Send us an email at firstname.lastname@example.org