Security overview

Security is paramount at Balance. Shipping secure and reliable software is a top priority and a key feature. Here is an overview of our security practices at Balance.

Your financial data is secure

First, please note that we only have read-only access to your financial data. In other words, we cannot debit, credit, or transfer money to and from your account. Second, we do not have access to your banking credentials. We cannot obtain them, we do not need them, and we do not store them. We use a trusted partner, Plaid, to provide us with your financial data.

Your data is protected

Sensitive and private information stored in our databases is encrypted and only accessible using a master key. This means that if someone were to obtain the database, they would not be able to read your private data. However, they would be able to read the metadata, which is considered non-sensitive. In addition to being encrypted at-work, the database is also encrypted at rest. This means that any backups of the database are encrypted and only accessible to system administrators. Lastly, whenever your data is in transit between you and us, everything is encrypted and sent using HTTPS.

Your data is yours

We never sell or trade your data. Unlike services like Mint, which may show you targeted ads, your data remains secure within Balance.

We enforce a good authentication regime

When you sign up for Balance, we ensure your password is secure and not compromised. We compare it to https://haveibeenpwned.com/ and won’t let you register if it has been exposed. This safeguards you (and us) from attackers attempting to access your account. Additionally, we are implementing two-factor authentication (like a security or biometric key) to further protect your account.

Audited access to production servers

All interactions with production servers via the console are recorded and audited. Sensitive data is hidden by default and an employee or contractor must obtain written consent from the user before accessing it. Access and commands are audited on a weekly basis.

Our subprocessors

Balance uses third-party services to run our applications. Here is a complete list of our subprocessors:

  • AppSignal — Infrastructure and application monitoring.
  • AWS — Cloud services provider.
  • Cloudflare — Cloud services provider.
  • Datadog — Application log management.
  • New Relic — Application performance monitoring.
  • Plaid — Financial data provider.
  • PlanetScale — Managed database provider.
  • Render — Cloud services provider.
  • Stripe — Payment processing services.

If you have any questions about security at Balance, please reach out to [email protected].