How We Protect Your Data
Last updated 2026-02-22
Our commitment to security
Your financial data is sensitive, and we take its protection seriously. Here's how Finance Frank keeps your information safe.
Encryption
In transit
All data transmitted between your device and Finance Frank is encrypted using TLS 1.3 — the latest transport layer security standard. This applies to the web app, mobile app, and API.
At rest
Your data stored in our database is encrypted using AES-256 encryption. This means even if the underlying storage were compromised, your data would remain unreadable without the encryption keys.
Sensitive fields
Highly sensitive information such as Tax File Numbers receives an additional layer of Fernet encryption (AES-128-CBC with HMAC-SHA256) at the application level before it is written to the database. This means these fields are double-encrypted — once by the application and once by the database.
Database security
Finance Frank uses Supabase with Row-Level Security (RLS) policies. This ensures:
- You can only access your own data
- Collaborators can only access data you've explicitly shared with them
- No user can ever view another user's financial information
- Access rules are enforced at the database level, not just the application level
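
An added example, not Finance Frank's own schema or policies: one way the owner and collaborator rules above can be expressed as Supabase RLS policies. The tables `accounts` and `account_shares`, their columns and the policy names are hypothetical; `auth.uid()` and the `authenticated` role are provided by Supabase.

```sql
-- Hypothetical schema, constructed for illustration.
create table accounts (
  id       uuid primary key default gen_random_uuid(),
  owner_id uuid not null references auth.users (id),
  name     text not null,
  unique (id, owner_id)  -- target of the composite FK below
);

create table account_shares (
  account_id      uuid not null,
  owner_id        uuid not null,
  collaborator_id uuid not null references auth.users (id),
  primary key (account_id, collaborator_id),
  -- A share row is only valid if owner_id really owns account_id,
  -- so a user cannot create a share on someone else's account.
  foreign key (account_id, owner_id)
    references accounts (id, owner_id) on delete cascade
);

-- With RLS enabled and no matching policy, a row is not visible.
alter table accounts       enable row level security;
alter table account_shares enable row level security;

-- Owners read and write only their own rows.
create policy accounts_owner on accounts
  for all to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

-- Collaborators get read-only access to explicitly shared rows.
create policy accounts_shared_read on accounts
  for select to authenticated
  using (exists (
    select 1 from account_shares s
    where s.account_id = accounts.id
      and s.collaborator_id = auth.uid()));

-- Share policies reference only their own columns; pointing them back
-- at accounts would make the two tables' policies recurse.
create policy shares_owner on account_shares
  for all to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

create policy shares_collaborator_read on account_shares
  for select to authenticated
  using (collaborator_id = auth.uid());
```

Because the checks live in the database, a query that omits its own `where owner_id = ...` filter still returns only rows the caller's policies allow.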
Authentication
- Passwords are hashed using industry-standard algorithms — we never store plain-text passwords
- Session tokens are short-lived and securely managed
- Email verification is required for all new accounts
Infrastructure
- Backend hosted on Railway (SOC 2 compliant), frontend on Vercel global CDN
- Database on Supabase (managed PostgreSQL with automatic daily backups)
- Regular security updates and patching
- Automated error monitoring via Sentry (no PII is sent to Sentry)
Your privacy
- We never sell your data
- We do not share your financial information with third parties
- Frank AI processes your data in the context of your account only — it is not used to train AI models
- See our Privacy Policy for full details
Data deletion
You can request complete deletion of your account and all associated data at any time by contacting support@financefrank.ai. We will process deletion requests within 30 days.
Reporting security issues
If you discover a security vulnerability, please contact us immediately at security@financefrank.ai. We take all reports seriously and will respond promptly.