How Balance Keeps Your Data Safe
Your financial data security is our top priority. This guide explains the comprehensive security measures Balance uses to protect your information.
Security Overview
Balance employs multiple layers of security to protect your data:
- 🔒 Bank-level encryption - Your data is encrypted at rest and in transit
- 🏦 Plaid integration - We never see or store your banking passwords
- 🔐 Secure authentication - Strong password requirements and biometric options
- 🛡️ AWS infrastructure - Hosted on enterprise-grade secure servers
- 📊 No data selling - We never sell or share your personal data
- 🔍 Regular audits - Continuous security monitoring and updates
Data Encryption
Encryption at Rest
All your data stored in Balance databases is encrypted:
- AES-256 encryption - Military-grade encryption standard
- Encrypted databases - Financial data, transactions, personal info
- Encrypted backups - Even backup data is encrypted
- Secure key management - Encryption keys stored separately from data
What this means: Even if someone gained unauthorized access to our servers, they couldn’t read your data without the encryption keys.
Encryption in Transit
Data traveling between you and Balance is protected:
- TLS 1.3 - Latest transport security protocol
- HTTPS everywhere - All connections encrypted
- Certificate pinning - Prevents man-in-the-middle attacks
- Secure APIs - All API calls use encrypted connections
What this means: Anyone who intercepts your data while it travels over the internet can’t read it.
Banking Security with Plaid
Balance uses Plaid to connect to your bank accounts. This provides multiple security benefits:
How Plaid Works
- You connect your bank through Balance
- You are redirected to Plaid - Secure connection interface
- You log into your bank - Directly on your bank’s website
- Plaid creates a secure token - For read-only access
- Balance receives transaction data - But never your password
Key Security Features
Balance never sees:
- ❌ Your banking username or password
- ❌ Your banking security questions
- ❌ Your banking PIN or passcode
- ❌ Your multi-factor authentication codes
Balance only receives:
- ✅ Transaction history (read-only)
- ✅ Account balances (read-only)
- ✅ Account metadata (names, types)
Read-only access:
- Cannot transfer money
- Cannot pay bills
- Cannot change account settings
- Cannot access your bank’s other features
Learn more about Plaid Security →
Authentication Security
Strong Password Requirements
Balance enforces secure password policies:
- Minimum 8 characters
- Uppercase and lowercase letters
- Special characters required
- No common passwords - Dictionary passwords blocked
Learn about password best practices →
Biometric Authentication
For mobile apps, biometric login provides enhanced security:
- Face ID - Facial recognition (iOS)
- Touch ID - Fingerprint (iOS)
- Fingerprint - Biometric sensor (Android)
- Secure Enclave - Biometric data never leaves your device
- Encrypted credentials - Stored securely on device
Learn more about biometric authentication →
Session Management
Balance carefully manages your login sessions:
- Session expiration - Automatic logout after inactivity
- Secure tokens - JWTs with expiration
- Device tracking - Monitor active sessions
- Remote logout - Log out from specific devices
- Password change - Logs out all devices for security
Infrastructure Security
AWS Cloud Hosting
Balance runs on Amazon Web Services (AWS):
- SOC 2 certified - Third-party security audits
- ISO 27001 compliant - International security standard
- PCI DSS Level 1 - Highest payment security certification
- Redundant systems - Multiple availability zones
- DDoS protection - Advanced threat detection
- 24/7 monitoring - Always-on security team
Database Security
Our databases are protected with:
- VPC isolation - Not accessible from public internet
- Firewall rules - Strict access controls
- Automated backups - Regular encrypted backups
- Point-in-time recovery - Can restore to any moment
- Audit logging - All database access logged
Application Security
The Balance application includes:
- Input validation - Prevents injection attacks
- Rate limiting - Protects against brute force
- CORS policies - Controls cross-origin requests
- Security headers - Modern browser security features
- Dependency scanning - Regular updates for vulnerabilities
Access Controls
Who Can Access Your Data
Only you:
- View your transactions
- See your budget
- Access your accounts
- Modify your information
Balance Support (with your permission):
- View account status
- Help troubleshoot issues
- Verify identity for password resets
- Support access is read-only
Never:
- Third-party marketers
- Data brokers
- Other users (except your partner if you share an account)
- Unauthorized staff
Internal Access Controls
Balance employees have:
- Role-based access - Only necessary permissions
- Audit trails - All access logged
- Background checks - For employees with data access
- Security training - Regular security education
- Two-factor authentication - For internal systems
- Principle of least privilege - Minimum necessary access
Privacy Protections
Data Collection
Balance only collects data necessary to provide our service:
We collect:
- ✅ Account information (name, email)
- ✅ Transaction data from connected banks
- ✅ Budget categories and amounts
- ✅ Usage analytics (anonymous)
We don’t collect:
- ❌ Social security numbers
- ❌ Banking passwords
- ❌ More personal info than necessary
- ❌ Browsing history outside Balance
- ❌ Contacts from your device
Data Usage
How we use your data:
- Provide service - Show you transactions and budgets
- Improve features - Understand what works well
- Support - Help when you have issues
- Security - Detect and prevent fraud
We never:
- ❌ Sell your data to third parties
- ❌ Share data with marketers
- ❌ Use data for unrelated purposes
- ❌ Track you across other websites
Data Retention
- Active accounts - Data retained while account active
- Inactive accounts - Data retained for 90 days after cancellation
- Account deletion - Permanent deletion upon request
- Backups - Purged from backups within 30 days
- Legal requirements - Some data may be retained for legal compliance
Third-Party Services
Balance uses trusted third-party services:
Plaid (Bank Connections)
- Industry leader - Used by Venmo, Betterment, and other major apps
- Read-only access - Cannot move money
- Bank-level security - Same security as your bank
- Encrypted connections - All data encrypted
Stripe (Payments)
- Payment processing only - For your subscription
- PCI compliant - Highest payment security standard
- No card data stored - Balance never sees your card number
- Secure tokens - Only encrypted tokens stored
AWS (Hosting)
- Industry standard - Trusted by major companies
- Multiple certifications - SOC, ISO, PCI compliance
- Data encryption - At rest and in transit
- Physical security - Secure data centers
Analytics
- Anonymous data - No personally identifiable information
- Aggregate statistics - Usage patterns, not individual behavior
- Opt-out available - Can disable analytics tracking
- No third-party tracking - No Google Analytics or similar
Incident Response
If a Security Issue Occurs
Balance has a comprehensive incident response plan:
- Detection - Automated monitoring alerts our team
- Assessment - Determine scope and severity
- Containment - Immediately stop the threat
- Investigation - Understand what happened
- Remediation - Fix the vulnerability
- Notification - Inform affected users if necessary
- Prevention - Update systems to prevent recurrence
User Notification
We will notify you if:
- Your data was accessed by unauthorized parties
- We detect suspicious activity on your account
- A security incident affects your account
- Required by law
How we’ll contact you:
- Email to your registered address
- In-app notification
- Push notification (when available)
- Official announcement if widespread
Compliance & Certifications
Balance complies with:
- GDPR - European data protection regulation
- CCPA - California Consumer Privacy Act
- SOC 2 Type II - In progress, demonstrating security controls
- Industry standards - Following financial services best practices
Your Responsibilities
Help keep your account secure:
Do’s
- ✅ Use a strong, unique password - Don’t reuse from other sites
- ✅ Enable biometric login - Additional security layer
- ✅ Keep email secure - Your email is your account recovery method
- ✅ Review transactions regularly - Spot unauthorized activity quickly
- ✅ Log out on shared devices - Don’t stay logged in on public computers
- ✅ Update the app - Get latest security patches
- ✅ Report suspicious activity - Contact us immediately if something seems wrong
Don’ts
- ❌ Don’t share your password - Not even with your partner (use profiles instead)
- ❌ Don’t use public Wi-Fi - Or use a VPN if you must
- ❌ Don’t click suspicious emails - We’ll never ask for your password via email
- ❌ Don’t ignore security alerts - Take action on warnings
- ❌ Don’t use simple passwords - Avoid “Password123” type passwords
- ❌ Don’t save passwords in browser on shared devices
Learn more about password security →
Reporting Security Issues
If You Discover a Security Vulnerability
We appreciate responsible disclosure:
- Email security@balancebudget.app
- Don’t share publicly - Until we’ve fixed the issue
- Provide details - Steps to reproduce, potential impact
- Give us time - We’ll work quickly to address it
- Recognition - We acknowledge responsible reporters (with permission)
Bounty program: We’re working on a bug bounty program for security researchers.
Common Security Questions
Q: Is Balance as secure as my bank?
A: Yes. We use bank-level encryption and security standards. Your bank connection uses read-only access through Plaid, the same service major financial apps use.
Q: Can Balance employees see my transactions?
A: Balance support staff can view account information only when helping you with a support request, and only with your permission. Access is logged and monitored.
Q: What happens if Balance gets hacked?
A: While we have extensive security measures to prevent breaches, we also have an incident response plan. We would immediately contain the issue, investigate, and notify affected users.
Q: Can someone access my account if they get my phone?
A: If you have biometric login or a device passcode enabled, they cannot access your account without your biometric or passcode. Always use device security features.
Q: How is Balance different from my bank’s app?
A: Your bank’s app has read/write access to move money. Balance has read-only access and cannot transfer funds, making it actually more limited (and safer) than your bank’s app.
Q: What if I lose my phone?
A: Your data is stored in the cloud, not on your phone. Log in from another device and you’ll see all your data. Consider remotely wiping your lost device through Find My Device (iOS/Android).
Q: Can my partner see my transactions?
A: If you share a Balance account, yes - that’s the point of couples budgeting. If you need separate finances, create separate Balance accounts.
Transparency
We believe in being open about security:
- This documentation - We explain how we protect you
- Privacy policy - Clear explanation of data practices
- Regular updates - We’ll update this page as security evolves
- Open communication - Ask us questions anytime
Audits & Testing
Our Security Practices
- Regular penetration testing - External security audits
- Vulnerability scanning - Automated daily scans
- Code reviews - All code changes reviewed for security
- Dependency updates - Regular updates to patch vulnerabilities
- Security training - Staff educated on security best practices
Ongoing Improvements
Security is never “done”:
- Monitoring - 24/7 security monitoring
- Updates - Regular security patches
- New features - Security improves with each release
- Feedback - We listen to user security concerns
Next Steps
Learn more about specific security topics:
- Plaid Security Explained - How bank connections work
- Biometric Authentication - Secure login options
- Password Best Practices - Create strong passwords
- Account Recovery - Secure password reset process
Have security questions or concerns? Contact our team - we’re here to help!