Built to protect your financial life
Per-user data isolation
Every record is scoped to your account at the database layer — no request can reach another household's data.
No passwords to leak
Sign-in is via Google. We never store a password. Sessions are opaque server-side tokens, revocable at any time.
CSRF & transport protection
All state-changing requests are CSRF-protected, and production traffic is served over HTTPS with strict security headers.
Privacy of sensitive figures
Household names and amounts are scrubbed from server logs. Your plan data is never sold or shared.
You own your data
Export everything as JSON, or delete your account and all data permanently — anytime, from the app.
Auditable actions
Sign-ins, plan changes, and admin actions are recorded to a tamper-evident audit log.