Security

How your financial data is handled.

What we see and don't see

We never see your bank password. Plaid handles bank authentication; we only see transaction data you authorize. Atticus has read-only access — it can see your transactions and balances, but it can never move money.

How data is stored

Your data is encrypted at rest and in transit. Database backups are encrypted. Bank access tokens are encrypted with per-user keys, and API keys and other secrets are encrypted at rest.

Plaid's security

Plaid is SOC 2 Type II certified, ISO 27001 certified, and used by major financial institutions including Robinhood, Venmo, Chime, and Acorns. Your bank credentials are entered directly into Plaid and never pass through our servers.

Reporting security issues

Found a security issue? Email ionuska33@gmail.com directly. We respond within 48 hours.