How We Protect Your Data

Your financial information deserves careful handling. Here's exactly what we do — and don't do — to keep it safe.

Honest About Security

We believe in transparency over marketing buzzwords. This page tells you exactly what security measures we have in place, how your data is stored, and what your rights are. No exaggeration, no vague promises.

Technical Security Measures

Encrypted Connections (HTTPS/TLS)

All data transmitted between your browser and our servers is encrypted using HTTPS with TLS. This keeps your financial data from being read or modified by third parties while it is in transit.

Secure Password Storage

Passwords are hashed using bcrypt with a unique salt per user — they are never stored in plain text. Sessions use JWT tokens with a 30-minute expiry (or 30 days with 'remember me').

Hosting & Infrastructure

Our backend runs on Railway, the database is hosted on Supabase (PostgreSQL), and the frontend is served via Vercel from EU data centers (Frankfurt). All platforms provide their own infrastructure-level security.

Security Headers & Input Validation

We enforce strict security headers (CSP, X-Frame-Options, X-Content-Type-Options) and validate all input using typed schemas to prevent injection attacks and XSS.

Rate Limiting

API endpoints are rate-limited to prevent abuse. Error tracking via Sentry helps us detect and respond to issues quickly.

Data Storage & Location

Your data is stored in Supabase PostgreSQL. Our frontend is served from Vercel's EU region (Frankfurt). Supabase provides database-level protections including automated backups and encrypted connections.

  • Vercel EU region (Frankfurt)
  • Supabase PostgreSQL database
  • Automated database backups
  • TLS-encrypted database connections

Privacy & GDPR

We aim to align with GDPR principles. Here's where we stand:

  • We collect only data you explicitly provide (no tracking cookies or hidden analytics)
  • You can view all your data through the dashboard at any time
  • You can request account and data deletion by contacting us via email
  • We are transparent about what data we collect and why

We Never Sell Your Data

Your financial data is yours. We do not sell, share, or monetize your personal information. We have no advertising, no third-party trackers, and no data broker relationships. The only third parties that touch your data are our hosting providers (Supabase, Railway, Vercel).

This is a core principle, not just a policy.

Your Data, Your Control

You own your data. If you want to leave, contact us and we will delete your account and all associated data. We are actively working on self-service account deletion and data export features.

Questions About Security?

We're happy to answer any questions about how we handle your data. Transparency is important to us.

Contact us at support@myfinancialfreedomtracker.com