E-E-A-T & Trust Signals

Security & Architecture

Financial Sovereignty means absolute control over your data. We built SpendKeep on a strict Zero-Sync, Local-First Architecture to eliminate the attack surface created by third-party data aggregators.

Zero-Sync Architecture

Unlike legacy budgeting apps (Mint, Monarch, YNAB), SpendKeep never asks for your banking credentials and never connects to data aggregators like Plaid or Yodlee.

By avoiding direct bank sync, we completely eliminate the risk of credential harvesting and third-party data breaches. Your transaction data only enters our system when you explicitly forward an alert or upload a CSV, and even then, it is heavily sanitized.

PostgreSQL & Row-Level Security (RLS)

All structured data is stored in a dedicated PostgreSQL instance secured by Supabase. We enforce strict Row-Level Security (RLS) policies inside the database engine itself, rather than in application code.

This means that every single database query is authenticated against your unique cryptographic session token. It is mathematically impossible for another user—or even a compromised application endpoint—to query your financial ledgers.
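What such a per-user RLS setup looks like in practice, as an added example rather than SpendKeep's own schema or policies: it assumes a `public.transactions` table with a `user_id` column and Supabase's `auth.uid()` helper, and ends with a psql check that confirms another user's rows stay invisible.

```sql
-- Added example, not SpendKeep's schema. Assumed: public.transactions with a
-- user_id uuid column holding the owning auth.users id. auth.uid() is the
-- Supabase helper that reads the "sub" claim of the request's verified JWT.
create table if not exists public.transactions (
  id           bigint generated always as identity primary key,
  user_id      uuid not null default auth.uid() references auth.users (id),
  posted_at    date not null,
  amount_cents integer not null,
  merchant     text not null
);

-- RLS is off by default: without ENABLE, every role that can reach the table
-- sees every row. FORCE applies the policies to the table owner as well.
alter table public.transactions enable row level security;
alter table public.transactions force row level security;

-- One policy per command keeps intent explicit. USING filters which rows are
-- visible; WITH CHECK rejects writes that would create a row for someone else.
create policy "owner can read"   on public.transactions
  for select to authenticated using (user_id = auth.uid());
create policy "owner can insert" on public.transactions
  for insert to authenticated with check (user_id = auth.uid());
create policy "owner can update" on public.transactions
  for update to authenticated using (user_id = auth.uid())
  with check (user_id = auth.uid());
create policy "owner can delete" on public.transactions
  for delete to authenticated using (user_id = auth.uid());

-- Caveat: the service_role key bypasses RLS entirely, so code that serves a
-- user's request must run with that user's JWT, never with service_role.

-- Verification from psql: impersonate one user's request and confirm that a
-- second user's row is neither readable nor writable. UUIDs are constructed.
begin;
  set local role authenticated;
  select set_config('request.jwt.claims',
    '{"sub":"11111111-1111-1111-1111-111111111111","role":"authenticated"}',
    true);
  -- Expected: only rows with user_id 1111...; the cross-tenant UPDATE reports
  -- "UPDATE 0" rather than an error, so check the row count, not just success.
  select id, merchant from public.transactions;
  update public.transactions set merchant = 'tampered'
   where user_id = '22222222-2222-2222-2222-222222222222';
rollback;
```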

Local-First LLM Processing

When our Llama-3 AI categorizes your transactions, the data is stripped of personally identifiable information (PII) before inference. The models do not train on your transaction history, ensuring your spending patterns are never regurgitated by public LLMs.

Authentication & Compliance

Authentication is handled via robust OAuth 2.0 (Google) and 8-digit secure OTP verification. All traffic is encrypted in transit via TLS 1.3, and data at rest is encrypted using AES-256. We actively monitor and comply with modern privacy frameworks to ensure your financial footprint remains exclusively yours.