Trust

How we protect your data.

Allontas reads from your financial accounts and stores budget and grocery data on your behalf. Here's how we keep that information safe, what we control, and what's in your hands.

Last updated: May 24, 2026

Security is not a feature we ship and forget. It is an ongoing practice woven into how we design, build, and operate Allontas. This page describes the controls we have in place today and how we think about protecting your data over time.

Security at a glance

  • All data is encrypted in transit and at rest using industry-standard algorithms.
  • Bank connections are read-only through Plaid. Allontas cannot move money.
  • Your financial data is not used to train AI models for other customers.
  • We do not sell, broker, or share your financial activity for advertising.
  • SOC 2 Type II audit is in progress.

1. Our principles

Five rules shape every decision we make about security:

  • Read-only by default. Allontas observes your finances. It never moves money or initiates transactions.
  • Collect the minimum. If we don't need data to deliver a feature, we don't collect it.
  • Encrypt everything. In transit, at rest, and in backups.
  • Verify, don't trust. Every service-to-service call is authenticated. Every employee access decision is logged.
  • Be honest when something goes wrong. Customers hear from us promptly if their data is materially affected.

2. Encryption

In transit

All connections to Allontas, whether from your browser, the mobile app, or a service-to-service call, use TLS 1.2 or higher. TLS 1.3 is used where supported. Certificates are managed automatically and rotated regularly.

At rest

Production data is encrypted at rest using AES-256. Encryption keys are managed through our hosting provider's key management service, are rotated on a schedule, and are never stored alongside the data they protect.

Backups

Backups inherit the same encryption as production. When you delete your account, your data is removed from active systems within 30 to 45 days. Encrypted backups containing residual copies roll off in the ordinary course of business.

3. Bank connections

Allontas uses Plaid as our financial data provider. When you connect a financial account:

  • Your bank login credentials never touch our servers. Plaid handles the authentication.
  • The connection is read-only. Allontas can pull transactions and balances. It cannot transfer funds, pay bills, open accounts, or move money in any direction.
  • You can disconnect an account at any time from within the app. Disconnecting revokes our access immediately.

Allontas syncs transactions exclusively through Plaid (read‑only). Connecting your accounts is required for the budgeting, plan vs. actual, and forward runway features to work, but the connection is read‑only and can be revoked at any time.

4. Access controls

We treat access to production data as a privilege, not a default.

  • Employees do not have standing access to customer data. Access is granted on request, for a specific purpose, and logged.
  • All employee accounts use strong, unique credentials with hardware-backed multi-factor authentication.
  • Production systems are accessed through bastion hosts with session logging.
  • Single Sign-On is required for all internal tools.
  • Access is reviewed regularly and revoked when no longer needed.

5. Infrastructure

Allontas is built on managed cloud services with security baked in:

CF

Cloudflare Pages

Marketing site and asset delivery, with built-in DDoS protection and WAF.

SB

Supabase

Application database and authentication, with row-level security and isolated tenants.

PL

Plaid

Bank account connections. Plaid is read-only and never shares credentials with Allontas.

OA

OpenAI

Generates plain-language insights from your transactions. Configured so your data is not used to train models.

Each provider is a major operator with its own security program. We layer Allontas-specific controls on top.

6. AI safety

Allontas uses AI as an assistive layer for plain-language insights. We apply specific guardrails:

  • Your data does not train other people's models. When we send transaction or budget data to AI providers, we use settings and contractual terms that prohibit using your data for model training.
  • No solely automated decisions. AI surfaces patterns and suggestions. People decide.
  • AI never moves money. Even if AI suggests an action, executing it always requires you.
  • Grocery comparison is not AI. Basket pricing is deterministic and database-backed. No model is making up prices.

7. Vendor management

Every vendor that touches customer data is reviewed before we use them and re-reviewed on a regular cadence. We evaluate:

  • independent security certifications (SOC 2, ISO 27001, PCI DSS)
  • data processing agreements and sub-processor lists
  • encryption practices, breach history, and incident response
  • geographic data residency

We maintain a current list of sub-processors. You can request a copy through [email protected].

8. Monitoring and incident response

We monitor production systems continuously. Alerts wake an engineer when something abnormal happens, including:

  • unusual sign-in patterns
  • spikes in failed authentication
  • unauthorized access attempts
  • error or latency anomalies

If a security incident materially affects your data, we will notify you in line with applicable law. We commit to clear, plain-English notifications, not legalese.

9. What you can do

Security is a partnership. A few habits go a long way:

  • Use a strong, unique password for Allontas.
  • Turn on multi-factor authentication if your email provider supports it.
  • Keep your phone's OS and the Allontas app up to date.
  • Be cautious with emails or texts claiming to be Allontas. We will never ask for your password, full bank credentials, or one-time codes by email or text.
  • If a device is lost or stolen, disconnect bank accounts from your Allontas settings and contact us at [email protected].

10. Report a vulnerability

If you believe you've found a security issue in Allontas, please tell us. We appreciate responsible disclosure.

  • Email [email protected] with a clear description and reproduction steps.
  • Give us a reasonable window to investigate and fix before public disclosure.
  • Do not access or modify data that isn't yours, do not run automated scanners against production, and do not test in ways that could degrade service for other users.

We will acknowledge receipt promptly, keep you updated as we investigate, and credit researchers who help us improve.

11. Contact us

For security questions, sub-processor lists, or compliance documentation: