We take the security of our users very seriously. We use industry standard practices and technologies to keep your information safe. Additionally, as an ad-free subscription service, we aim to minimize the personal data we store about our users.
We encrypt all data in transit using bank-grade AES 256-bit encryption. This is the industry-leading encryption standard used by the largest banks.
For the highest available level of security and trust, we use an Extended Validation SSL certificate. This kind of certificate is subject to a comprehensive verification process to prove that a website belongs to a real company. When you log in to or use the app, most browsers will show our company name - Budgit, Inc. - in the address bar, next to (or instead of) our domain "https://budgitapp.com".
Budgit relies on Plaid for read-only access to your financial accounts. Our token-based integration allows users to authenticate their bank credentials directly via Plaid, meaning that usernames and passwords never touch our servers or database. Instead of handling bank logins, we receive a secure token from Plaid which is used to download bank data from Plaid.
Read more about Plaid's security policies here.
Budgit is built and hosted entirely on Heroku, which is a container-based cloud platform leveraging Amazon Web Services (AWS). Heroku and Amazon maintain rigorous security practices and are trusted by leading software companies and the US government to maintain critical infrastructure. All data is housed within Amazon's secure data facilities.
Read more about Heroku's security policies here.
When you sign up for or log in to Budgit, you will be asked to verify your account via your mobile phone. This helps ensure the security of your private data should someone find out your account password.
If you have any specific questions or concerns, please contact us via chat (at the bottom right) or via email at email@example.com.