You're trusting us with your family's most sensitive financial information. Here's exactly how we protect it.
All data transmitted between your browser and our servers is encrypted using TLS 1.2+. Our .app domain enforces HTTPS by default: the entire .app top-level domain is on the browsers' HSTS preload list, so your browser will not connect to it over unencrypted HTTP.
Your data is protected at the database level. Row-level security means that even if someone bypassed our application layer, database rules prevent any user from accessing another user's data. Your household data is yours alone.
Passwords are hashed using bcrypt and never stored in plain text. Authentication is handled by Supabase Auth, which follows industry best practices including secure session tokens and automatic expiration.
Your data is stored with Supabase, which is SOC 2 Type 2 certified. This means their security practices have been independently audited and verified by a third party.
We do not sell, rent, or share your personal or household financial data with advertisers or data brokers. Your information is used solely to provide you with the service.
We only collect what you explicitly enter. We don't track your behavior across the web, use advertising cookies, or collect more information than necessary to operate the service.
We take security reports seriously. If you discover a vulnerability, please email us at hello@ourfamilyvault.app with details. We will respond within 48 hours and work to resolve confirmed issues promptly.
Please do not publicly disclose vulnerabilities before we've had a chance to address them.