Security

At BudgetPal AI, we take the security of your financial data seriously. Learn about our security practices and how we protect your information.

Our Security Commitment

BudgetPal AI is a product of Knailab LLC. We understand that you're entrusting us with sensitive financial information, and we're committed to protecting it using industry-standard security practices.

While no system can guarantee 100% security, we implement multiple layers of security measures and continuously work to improve our security posture.

Infrastructure and Hosting

AWS Cloud Infrastructure

BudgetPal AI is hosted on Amazon Web Services (AWS), a leading cloud provider with robust security certifications including SOC 2, ISO 27001, and PCI DSS Level 1. We leverage AWS's security features including:

  • Secure data centers with physical security controls
  • Network security and DDoS protection
  • Automated backups and disaster recovery capabilities
  • Regular security updates and patches

Encryption

Encryption in Transit

All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) version 1.2 or higher. This ensures that your information cannot be intercepted or read by third parties while in transit over the internet.

When you connect your financial accounts through Plaid, Plaid also uses bank-level encryption to secure the connection between Plaid and your financial institutions.

Encryption at Rest

Sensitive data stored in our databases is encrypted at rest using industry-standard encryption algorithms. This protects your information even if our storage systems were to be compromised.

Access Controls

Limited Employee Access

We follow the principle of least privilege. Only employees who need access to your data to provide support or maintain the service are granted access, and only to the minimum amount of data necessary for their role.

  • All employee access is logged and monitored
  • Access is granted on a need-to-know basis
  • Employees undergo security training and background checks
  • Access is revoked immediately when no longer needed

Authentication and Account Security

We implement several measures to protect your account:

  • Secure password requirements: We require strong passwords and may implement additional authentication methods in the future
  • Session management: Your sessions are securely managed and automatically expire after periods of inactivity
  • Account activity monitoring: We monitor for suspicious activity and may require additional verification if unusual activity is detected

Your responsibility: Please keep your account credentials secure. Do not share your password with anyone, and use a unique password for BudgetPal AI that you don't use elsewhere.

Third-Party Security

BudgetPal AI integrates with trusted third-party services that handle sensitive operations:

  • Plaid: For secure financial account connections. Plaid is a trusted financial technology company that uses bank-level security and encryption. We never see or store your banking credentials.
  • Stripe: For payment processing. Stripe is PCI DSS Level 1 certified and handles all payment card data securely. We do not store your full payment card details.

We carefully vet all third-party service providers and ensure they meet high security standards before integrating with them.

Monitoring and Incident Response

We continuously monitor our systems for security threats, unauthorized access attempts, and anomalies:

  • Automated security monitoring and alerting
  • Regular security audits and assessments
  • Logging and analysis of system activity
  • Incident response procedures in case of a security breach

In the unlikely event of a security incident that affects your data, we will notify affected users and relevant authorities as required by law.

Regular Updates and Maintenance

We regularly update our software, dependencies, and infrastructure to address security vulnerabilities:

  • Regular security patches and updates
  • Dependency vulnerability scanning
  • Code security reviews
  • Staying informed about emerging security threats

Responsible Disclosure

Report Security Vulnerabilities

We take security seriously and appreciate the security research community's efforts to help keep BudgetPal AI secure. If you discover a security vulnerability, we encourage you to report it to us responsibly.

Please do not:

  • Exploit vulnerabilities on real user accounts or data
  • Access, modify, or delete data that doesn't belong to you
  • Disrupt our services or other users' experience
  • Disclose the vulnerability publicly before we've had a chance to address it

Please do:

  • Report vulnerabilities to us as soon as possible
  • Provide detailed information about the vulnerability
  • Give us reasonable time to fix the issue before disclosure
  • Act in good faith and in accordance with applicable laws

Report security issues to: security@knailab.com

We will acknowledge receipt of your report within 48 hours and work with you to understand and address the issue.

Security Disclaimer

While we implement industry-standard security measures and continuously work to improve our security posture, no system is perfectly secure. The internet and cloud computing involve inherent risks, and we cannot guarantee absolute security of your data.

We recommend that you:

  • Use strong, unique passwords
  • Keep your devices and browsers up to date
  • Be cautious about phishing attempts
  • Monitor your financial accounts regularly
  • Report any suspicious activity to us immediately

Questions About Security?

If you have questions about our security practices or concerns about the security of your account, please contact us:

Knailab LLC

Security inquiries: security@knailab.com

General support: support@knailab.com

Contact form: budgetpal.knailab.com/contact

BudgetPal AI is a product of Knailab LLC. This Security page is governed by the laws of Colorado, USA.