Your Financial Data, Protected by Design
We know how personal your money is — and how important it is to protect it. That’s why Bountisphere is built from the ground up with bank-level security, read-only access, and strict privacy controls. When you connect your accounts, we protect you at every step.
What We Do — and Don’t — Collect
We only collect the data needed to help you build your plan, track your spending, and improve your financial health. That’s it.
- What we collect:
  - Your email and password (for login)
  - Account balances and transaction history (via Plaid)
  - Your manually entered budget data (if any)
- What we never collect or store:
  - Your banking login credentials
  - Your Social Security Number
  - Full account or routing numbers
  - Your phone number, address, or government ID
  - Any data unrelated to helping you manage your finances
Even if someone accessed our systems, they would not be able to log into your bank, transfer money, or view sensitive personal information. Bountisphere is designed to be safe by default.
How Bank Connections Work
We use Plaid, the same secure technology trusted by apps like Venmo, Chime, and Robinhood.
- You connect your bank account through Plaid’s secure interface — not through Bountisphere.
- Plaid uses OAuth when possible (e.g., for Chase or Capital One), so you log in directly with your bank.
- We never see or store your login credentials — only tokenized, read-only access.
Bank-Level Encryption and Read-Only Access
- Data in transit is encrypted using TLS 1.2+
- Data at rest is encrypted using AES-256
- Row Level Security (RLS) ensures you only access your own data
- Sensitive operations are handled via secure server-side edge functions
And remember: Bountisphere can’t move money or modify your accounts. It’s fully read-only — your money stays exactly where it is.
Session Security and Account Protection
- Sessions auto-expire after 8 hours
- Idle timeout activates after 15 minutes
- Device fingerprinting monitors for suspicious logins
- Limit of 2 active sessions per user
- Suspicious activity triggers auto-logout
Monitoring and Threat Detection
- 24/7 monitoring of failed logins and unusual behavior
- Rate limiting and input validation to prevent abuse
- All admin and user access is logged and timestamped
- All financial data protected by role-based access controls
We’re Always Improving
Our infrastructure is reviewed regularly and we’re working toward:
- Short-lived token support and password leak protection
- Penetration testing and external vulnerability scans
- Ongoing review of cloud roles, extensions, and schema protections
If you ever want to delete your data, you can do so from your account — no fine print.
Need Help or Have Questions?
We’re happy to answer anything. Email us or message us through the in-app chat anytime.
Last Reviewed: July 28, 2025
Bountisphere: Your Finances, Secure and in Your Control
We prioritize your safety by using the most advanced security technology to protect your personal data. With Bountisphere, your information is completely secure — we’re read-only, so no changes can be made to your accounts without you. Your finances, your control.