We take the security of our users very seriously. We use industry-leading practices and technologies to keep your information safe. Additionally, as an ad-free subscription service, we aim to minimize the personal data we store about our users.
Our databases are encrypted at rest with AES-256 block-level storage encryption.
We encrypt all data transmission using bank-grade AES 256-bit encryption. This is the industry-leading encryption standard used by the largest banks.
For the highest available level of security and trust, we use an Extended Validation SSL certificate. This kind of certificate is subject to a comprehensive verification process to prove that a website belongs to a real company. When logging into Budgit or using the web app, most modern browsers will show our company name - Budgit, Inc. - in the address bar, next to (or instead of) our domain "https://budgitapp.com".
Budgit relies on Plaid for read-only access to your financial accounts. Our token-based integration allows users to authenticate their bank credentials directly via Plaid, which means bank usernames and passwords never touch our servers or database. Instead of handling bank logins directly, we receive and store a secure token from Plaid, which we can use to access account and transaction data from Plaid.
Read more about Plaid's security policy here.
Budgit is built and hosted entirely on Heroku, which is a container-based cloud platform leveraging Amazon Web Services (AWS). Heroku and Amazon maintain rigorous security practices and are trusted by leading software companies and the US government to securely maintain critical infrastructure. All user data is housed within Amazon's secure data facilities.
Read more about Heroku's security policy here.
When you sign up for or log in to Budgit, you will be asked to verify your account via your mobile phone. This helps ensure the security of your private data should someone find out your account password.
If you have any specific questions or concerns, please contact us via chat (at the bottom right) or via email at firstname.lastname@example.org.