Your money data deserves serious protection
Here's how we keep your financial information safe.
The short version
We can only look
Read-only access. We cannot move your money.
We never see your bank login
You authenticate with your bank directly. We only get a token.
Everything is encrypted
AES-256 for stored data. TLS for data in transit.
You are the customer
We make money from subscriptions, not selling your data.
How we protect your data
Bank connections
We use Plaid and SimpleFin—trusted providers used by Venmo, Coinbase, and major banks. You authenticate directly with your bank. We receive a secure token, never your credentials. We never see full account numbers. Access is strictly read-only.
Encryption
All sensitive data is encrypted at rest using AES-256, the same standard used by banks. All connections are encrypted in transit using TLS.
Authentication
Passwords are securely hashed—we cannot see them. Two-factor authentication available. Backup codes for recovery. Password resets are time-limited and single-use.
Attack prevention
Rate limiting prevents brute-force attacks. Webhook signatures verify data authenticity. Protection against SQL injection. Sessions expire automatically.
AI and your data
We use AI to make categorization faster and more accurate. Here's exactly what we send and what we don't.
What we send to AI
- Transaction descriptions — The merchant name or memo from your bank (e.g., "TIM HORTONS #1234", "AMAZON.CA*AB1CD2EF3")
- Transaction amounts — To help distinguish between similar merchants (e.g., a $4 coffee vs. a $400 appliance purchase)
- Your category names — So the AI knows which categories to suggest (e.g., "Groceries", "Entertainment")
- Receipt images — Only when you upload a receipt for OCR scanning
What we never send to AI
- ✕ Your name, email, or any personal identifiers
- ✕ Account numbers or bank credentials
- ✕ Your account balances or net worth
- ✕ Transaction dates or patterns that could identify you
- ✕ Any data linking transactions to your identity
Real-time processing only
Data is processed and immediately discarded. Nothing is stored by AI providers after generating a response.
Opted out of training
We use AI models that are explicitly opted out of using customer data for model training.
Minimal data principle
We only send what's absolutely necessary for categorization—nothing more.
What data we collect
Email address, name (optional), preferences, authentication tokens
To authenticate you, send important notifications, and personalize your experience
Stored in our encrypted database. We only email you about account activity and based on your consent preferences—you can opt out anytime.
Account names, balances, and transactions (merchant name, amount, date). We NEVER receive your full account numbers—only masked identifiers like ****1234.
To display your accounts, categorize spending, generate insights, and power AI-driven features like spending summaries and budget recommendations
Transaction data is stored in our encrypted database. Bank access tokens are encrypted with AES-256-GCM before storage. Data syncs automatically when your bank reports new transactions.
Custom categories, transaction rules, budget settings, projects/goals
To organize your finances according to your preferences and automate categorization
Stored alongside your account data. Soft-deleted when removed (kept 30 days for recovery, then permanently deleted).
Feature usage patterns, error logs, performance metrics
To improve the app, fix bugs, and understand which features are most valuable
Aggregated and anonymized where possible. Individual logs retained for debugging purposes only.
We do NOT store your payment card details
Subscription billing is handled entirely by Stripe
Stripe stores your payment method securely. We only receive confirmation of payment status.
What we will never do
- ✕ Sell your data to third parties
- ✕ Show you targeted ads based on your finances
- ✕ Share your information with data brokers
- ✕ Use your data to train AI models for other purposes
Third-party services we use
We partner with trusted providers to run WIMD. Here's who has access to what.
| Service | What they do | Data they access |
|---|---|---|
| Plaid | Connects to your bank accounts securely | Your bank login (only during auth—we never see it), account names, balances, transaction history. They store an access token to sync your data. |
| SimpleFin | Alternative bank connection service | Same as Plaid—account names, balances, and transactions. You choose which provider to use when connecting your bank. |
| Stripe | Processes subscription payments | Your payment card, billing address, and email. They store your payment method for recurring billing. We only see payment status, not card details. |
| Resend | Sends transactional emails | Your email address and name (for personalization). Used for account verification, password resets, and notifications you've opted into. |
| Google | OAuth sign-in and AI-powered features (Gemini) | If you sign in with Google: your email and name. For AI features: transaction descriptions only (no personal identifiers). |
| OpenRouter | AI model routing for transaction categorization | Transaction descriptions and amounts only. No account info, no user identifiers, no dates. We use models opted out of training. |
| PostHog | Product analytics to understand how the app is used | Your user ID (to track sessions), pages visited, features used, button clicks, and error reports. You can request to opt out of tracking by contacting us. |
| Self-managed infrastructure | Database and background processing | All your app data. Encrypted at rest (AES-256) and in transit (TLS). We control access—no third-party has direct database access. |
All services are selected for their security track record and compliance with industry standards.
Questions or concerns?
Security is not a feature we ship once and forget. If you spot something that doesn't look right, or have questions about how we handle your data, we want to hear from you.
Contact [email protected]
Last updated: January 2025