Security is not a feature we ship and forget. It is an ongoing practice woven into how we design, build, and operate Allontas. This page describes the controls we have in place today and how we think about protecting your data over time.
Security at a glance
- All data is encrypted in transit and at rest using industry-standard algorithms.
- Bank connections are read-only through Plaid. Allontas cannot move money.
- Your financial data is not used to train AI models for other customers.
- We do not sell, broker, or share your financial activity for advertising.
- SOC 2 Type II audit is in progress.
1. Our principles
Five rules shape every decision we make about security:
- Read-only by default. Allontas observes your finances. It never moves money or initiates transactions.
- Collect the minimum. If we don't need data to deliver a feature, we don't collect it.
- Encrypt everything. In transit, at rest, and in backups.
- Verify, don't trust. Every service-to-service call is authenticated. Every employee access decision is logged.
- Be honest when something goes wrong. Customers hear from us promptly if their data is materially affected.
2. Encryption
In transit
All connections to Allontas, whether from your browser, the mobile app, or a service-to-service call, use TLS 1.2 or higher. TLS 1.3 is used where supported. Certificates are managed automatically and rotated regularly.
At rest
Production data is encrypted at rest using AES-256. Encryption keys are managed through our hosting provider's key management service, are rotated on a schedule, and are never stored alongside the data they protect.
Backups
Backups inherit the same encryption as production. When you delete your account, your data is removed from active systems within 30 to 45 days. Encrypted backups containing residual copies roll off in the ordinary course of business.
3. Bank connections
Allontas uses Plaid as our financial data provider. When you connect a financial account:
- Your bank login credentials never touch our servers. Plaid handles the authentication.
- The connection is read-only. Allontas can pull transactions and balances. It cannot transfer funds, pay bills, open accounts, or move money in any direction.
- You can disconnect an account at any time from within the app. Disconnecting revokes our access immediately.
Allontas syncs transactions exclusively through Plaid (read‑only). Connecting your accounts is required for the budgeting, plan vs. actual, and forward runway features to work, but the connection is read‑only and can be revoked at any time.
4. Access controls
We treat access to production data as a privilege, not a default.
- Employees do not have standing access to customer data. Access is granted on request, for a specific purpose, and logged.
- All employee accounts use strong, unique credentials with hardware-backed multi-factor authentication.
- Production systems are accessed through bastion hosts with session logging.
- Single Sign-On is required for all internal tools.
- Access is reviewed regularly and revoked when no longer needed.
5. Infrastructure
Allontas is built on managed cloud services with security baked in:
CF
Cloudflare Pages
Marketing site and asset delivery, with built-in DDoS protection and WAF.
SB
Supabase
Application database and authentication, with row-level security and isolated tenants.
PL
Plaid
Bank account connections. Plaid is read-only and never shares credentials with Allontas.
OA
OpenAI
Generates plain-language insights from your transactions. Configured so your data is not used to train models.
Each provider is a major operator with its own security program. We layer Allontas-specific controls on top.
6. AI safety
Allontas uses AI as an assistive layer for plain-language insights. We apply specific guardrails:
- Your data does not train other people's models. When we send transaction or budget data to AI providers, we use settings and contractual terms that prohibit using your data for model training.
- No solely automated decisions. AI surfaces patterns and suggestions. People decide.
- AI never moves money. Even if AI suggests an action, executing it always requires you.
- Grocery comparison is not AI. Basket pricing is deterministic and database-backed. No model is making up prices.
7. Vendor management
Every vendor that touches customer data is reviewed before we use them and re-reviewed on a regular cadence. We evaluate:
- independent security certifications (SOC 2, ISO 27001, PCI DSS)
- data processing agreements and sub-processor lists
- encryption practices, breach history, and incident response
- geographic data residency
We maintain a current list of sub-processors. You can request a copy through [email protected].
8. Monitoring and incident response
We monitor production systems continuously. Alerts wake an engineer when something abnormal happens, including:
- unusual sign-in patterns
- spikes in failed authentication
- unauthorized access attempts
- error or latency anomalies
If a security incident materially affects your data, we will notify you in line with applicable law. We commit to clear, plain-English notifications, not legalese.
9. What you can do
Security is a partnership. A few habits go a long way:
- Use a strong, unique password for Allontas.
- Turn on multi-factor authentication if your email provider supports it.
- Keep your phone's OS and the Allontas app up to date.
- Be cautious with emails or texts claiming to be Allontas. We will never ask for your password, full bank credentials, or one-time codes by email or text.
- If a device is lost or stolen, disconnect bank accounts from your Allontas settings and contact us at [email protected].
10. Report a vulnerability
If you believe you've found a security issue in Allontas, please tell us. We appreciate responsible disclosure.
- Email [email protected] with a clear description and reproduction steps.
- Give us a reasonable window to investigate and fix before public disclosure.
- Do not access or modify data that isn't yours, do not run automated scanners against production, and do not test in ways that could degrade service for other users.
We will acknowledge receipt promptly, keep you updated as we investigate, and credit researchers who help us improve.
For security questions, sub-processor lists, or compliance documentation: