Security

Superfin connects to your financial accounts, so protecting your data is core to how we build. Here's how we approach it.

Encrypted in transit

All traffic between your device and Superfin runs over HTTPS/TLS. Connections are HTTPS-only in production.

We never see your bank login

Bank connections are handled by Plaid, a regulated data network trusted by thousands of apps. Your bank credentials are entered with Plaid and are never stored by Superfin.

Read-only by design

Superfin reads your transactions to analyze them. It cannot move money, make payments, or initiate transfers on your accounts.

Payments handled by Stripe

Subscriptions are processed by Stripe. Your full card number never touches Superfin’s servers.

Authentication

Sign-in is managed by Supabase Auth with support for email/password and Google. Passwords are never stored by Superfin in plain text.

Your data, your control

You can disconnect a linked bank at any time. Contact us to request deletion of your account and associated data.

Have a security question or want to report a vulnerability? Email security@superfinapp.com.