Security

Your financial data is sensitive. Here's how we protect it at every layer.

Encryption

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Plaid access tokens are encrypted with a dedicated key before storage.

PII Masking

Account numbers, Social Security numbers, and other sensitive data are automatically masked before being sent to any AI model. The LLM never sees your raw financial identifiers.

Row-Level Security

Our database enforces row-level security policies, ensuring users can only access their own data. Every query is scoped to the authenticated user.
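As an added illustration (not KrowtenIQ's own schema), this is what "every query is scoped to the authenticated user" looks like as PostgreSQL row-level security on Supabase. It assumes Supabase's auth.uid() helper, which returns the user id from the request JWT; the transactions table and its columns are hypothetical.

```sql
-- Constructed example table: one row per user transaction.
create table public.transactions (
  id          bigint generated always as identity primary key,
  user_id     uuid not null references auth.users (id) on delete cascade,
  amount      numeric(12, 2) not null,
  description text,
  created_at  timestamptz not null default now()
);

-- Policies are ignored until RLS is enabled; FORCE also binds the table owner.
alter table public.transactions enable row level security;
alter table public.transactions force row level security;

-- Read: a user sees only rows whose user_id matches their JWT subject.
create policy "transactions_select_own"
  on public.transactions for select
  to authenticated
  using (user_id = auth.uid());

-- Insert: a user cannot create rows attributed to another user.
create policy "transactions_insert_own"
  on public.transactions for insert
  to authenticated
  with check (user_id = auth.uid());

-- Update: both the existing row (USING) and the resulting row (WITH CHECK)
-- must belong to the caller, so user_id cannot be reassigned.
create policy "transactions_update_own"
  on public.transactions for update
  to authenticated
  using (user_id = auth.uid())
  with check (user_id = auth.uid());

create policy "transactions_delete_own"
  on public.transactions for delete
  to authenticated
  using (user_id = auth.uid());

-- No policy is granted to the anon role, so unauthenticated SELECTs through
-- the API return zero rows. To verify a policy in the SQL editor, simulate a
-- user's JWT claims and confirm only that user's rows come back:
-- set role authenticated;
-- select set_config('request.jwt.claims', '{"sub":"<user-uuid>"}', true);
-- select count(*) from public.transactions;
```

The service-role key bypasses RLS entirely, which is why it must stay server-side and never be shipped to a client.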

Infrastructure

We use Supabase (PostgreSQL) for data storage with enterprise-grade security. Authentication is handled via Supabase Auth with support for OAuth providers and email/password.

Plaid Integration

We use Plaid to connect to your financial institutions. KrowtenIQ never sees or stores your bank login credentials. Plaid handles authentication directly with your bank and provides us with read-only access tokens to retrieve transaction and balance data.

Access Controls

All API endpoints require authentication. Service-level keys are rotated regularly and stored as environment variables, never in source code. Administrative access to production systems is restricted and audited.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@krowteniq.com. We take all reports seriously and will respond within 48 hours.