Trust
Privacy & security
No bank linking. AES-256-GCM field-level encryption at rest. Rate-limited authentication. One-click data export.
No bank linking
Finance Tracker does not connect to your bank. We don't use Plaid, MX, Yodlee, or any other aggregator. Your bank credentials never leave your bank — because we never ask for them.
The trade-off: you bring your own data. The bulk-import flow exists to make this fast.
Field-level encryption
Sensitive fields on every transaction are encrypted at rest using AES-256-GCM. The encryption key lives in a server-only environment variable; database backups, snapshots, or any direct database access reveal only ciphertext for these fields.
Authenticated reads through the app decrypt fields just-in-time and only for the user who owns them.
Authentication
Email + password with bcrypt-hashed passwords. Auth endpoints (register, login, password reset) are rate-limited via Upstash Redis to slow down brute-force attempts. Reset links are single-use and expire.
Data export
From Settings, click Export data to download a JSON file containing every expense, income, label, group, card, and recurring payment in your account. It's the full picture, not a summary.

Deleting your data
Bulk delete on the expenses page removes those rows permanently. Account-level deletion happens on request — contact support and your full record is removed from the database, not just soft-deleted.