Security
Superfin connects to your financial accounts, so protecting your data is core to how we build. Here's how we approach it.
Encrypted in transit
All traffic between your device and Superfin runs over HTTPS/TLS. Connections are HTTPS-only in production.
We never see your bank login
Bank connections are handled by Plaid, a regulated data network trusted by thousands of apps. Your bank credentials are entered with Plaid and are never stored by Superfin.
Read-only by design
Superfin reads your transactions to analyze them. It cannot move money, make payments, or initiate transfers on your accounts.
Payments handled by Stripe
Subscriptions are processed by Stripe. Your full card number never touches Superfin’s servers.
Authentication
Sign-in is managed by Supabase Auth with support for email/password and Google. Passwords are never stored by Superfin in plain text.
Your data, your control
You can disconnect a linked bank at any time. Contact us to request deletion of your account and associated data.
Have a security question or want to report a vulnerability? Email security@superfinapp.com.