Security & Data Protection

Security commitment

AutoBudget is built for sensitive household financial workflows. Our security program is designed to protect authentication data, budgeting data, Plaid-connected financial data, operational logs, and support information through layered technical and administrative controls.

We do not claim bank-level custody, deposit insurance, or investment-adviser status. AutoBudget is a planning and visibility tool, and security controls are reviewed as the product matures.

Key controls

• Authentication: account access is protected by supported identity providers and application session controls.
• Encryption: production traffic is served over HTTPS; secrets and provider tokens are kept out of source code and stored in managed secret systems.
• Access control: production access follows least-privilege principles and is limited to authorized operators with a business need.
• Plaid data handling: bank credentials are collected by Plaid, not AutoBudget. AutoBudget stores only permissioned data and tokens needed to provide linked-account features.
• Logging discipline: logs are intended for diagnostics and security monitoring, not for exposing full account credentials or unnecessary financial detail.
• Secure development: changes are reviewed, tested locally, and scanned for dependency, secret, and code-quality issues before release where tooling is available.
• Backups and recovery: operational data is protected through provider-managed durability and release rollback practices.

Data classification

• Restricted: secrets, Plaid access tokens, authentication identifiers, and security incident material.
• Confidential: financial account data, transactions, balances, budgets, bills, paychecks, debts, goals, and support tickets.
• Internal: operational metrics, non-sensitive diagnostics, runbooks, and release notes.
• Public: marketing pages, help content, this security page, the Privacy Policy, and Terms of Use.

Incident response

Suspected security incidents are triaged by severity, investigated, contained, and remediated. If an incident affects personal information or financial data, AutoBudget will provide notices required by applicable law and coordinate with relevant providers where appropriate.

Vulnerability reporting

If you believe you found a vulnerability, email security@autobudget.moneywith a clear description, affected URLs or components, reproduction steps, and your contact information. Please avoid accessing, modifying, deleting, or exfiltrating data that is not yours.

We aim to acknowledge credible reports promptly, prioritize based on risk, and provide a resolution update when remediation is complete.

User responsibilities

• Use a strong, unique password or trusted identity provider for your account.
• Keep your email account secure because it may be used for account recovery.
• Review linked accounts and disconnect any account you no longer want AutoBudget to access.
• Report suspicious activity or unexpected data immediately.