Data Security

Last updated: April 2026

1. Our Security Commitment

At Your Money Plan, security is not an afterthought — it is a foundational principle. We understand that you trust us with sensitive financial information, and we take that responsibility seriously. Our application is built on top of enterprise-grade infrastructure provided by Google Cloud Platform, and every layer of our architecture has been designed with data protection in mind.

2. Data Encryption

All data transmitted between your device and our servers is encrypted using industry-standard TLS (Transport Layer Security) encryption. This means that your financial information cannot be intercepted or read by third parties while in transit.

At rest, your data is stored in Google Firebase and Google Cloud Platform services that encrypt it automatically with AES-256. This is the same level of encryption trusted by major financial institutions worldwide.

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for all data at rest via Firebase / GCP
  • Encrypted database backups with restricted access
  • Secure key management through Google Cloud KMS

3. Authentication Security

User authentication is powered by Firebase Authentication, a battle-tested identity platform used by millions of applications. We never store raw passwords — all credentials are securely hashed and managed by Firebase.

  • Secure session management with short-lived tokens
  • Password hashing handled by Firebase Auth (bcrypt/scrypt)
  • Support for Google Sign-In as an OAuth provider
  • Automatic session expiry and re-authentication flows
  • Rate-limited login attempts to prevent brute-force attacks

4. Financial Data Protection

Your Money Plan is designed around a privacy-first approach to financial data:

  • No bank connections — we never connect to your bank accounts or request banking credentials
  • No credit card storage — we do not store credit card numbers or payment instrument details
  • Manual entry by design — your expense and budget data is entered by you, ensuring you always know exactly what information we hold
  • Receipt images — uploaded receipt photos are processed for data extraction and stored securely in your account

5. Third-Party Security

We rely on Google Cloud Platform for our core infrastructure. Google Cloud maintains some of the most rigorous security standards in the industry, including:

  • SOC 1, SOC 2, and SOC 3 compliance
  • ISO 27001, ISO 27017, and ISO 27018 certifications
  • Regular third-party security audits and penetration testing
  • Physical security of data centers with 24/7 monitoring

Our AI features are powered by Google Gemini, which processes data under Google Cloud's enterprise data processing terms. Your financial data is not used to train AI models.

6. Your Data Rights

You have full control over your data at all times. Your rights include:

  • Access — view all the personal and financial data we hold about you at any time through the application
  • Export — download your complete data set in portable formats (CSV, PDF) from within the app
  • Deletion — request full deletion of your account and all associated data at any time through account settings

When you delete your account, all personal data, expenses, budgets, and uploaded receipt images are permanently removed from our systems within 30 days.

7. AI Data Processing

Our AI features (receipt scanning, expense categorization, budget coaching) are designed with privacy in mind:

  • No model training: Your financial data is never used to train AI models
  • Ephemeral processing: AI queries are processed in real-time and not stored beyond your session
  • Anonymized insights: Aggregate patterns may inform product improvements, but never individual data
  • Human oversight: Critical financial recommendations include disclaimers and human review options

8. Contact Us

For security questions, vulnerability reports, or data inquiries: