Security
Last updated: June 13, 2026
How we think about security
Thinking Budget holds some of your most sensitive information — your spending, your accounts, your plans. We design the product so that the people who built it can see as little of that as possible, and so that a breach of any single layer doesn’t expose your data.
This page explains, in plain language, the measures we take. It is not a contract; for commitments and your rights, see our Privacy Policy.
Encryption everywhere
In transit. All traffic between your device and Thinking Budget is encrypted with TLS. We do not serve any part of the app over an unencrypted connection.
At rest. Sensitive fields — linked-account identifiers, access tokens, and transaction details — are encrypted before they are written to the database. The encryption keys live outside the database, so a copy of the database alone cannot be read.
Envelope encryption. Rather than protecting everything with one master key, each unit of data is encrypted with its own data key, and those data keys are themselves encrypted by a master key. This limits the blast radius of any single key and lets us rotate keys without re-encrypting the world.
Sign-in without passwords
Thinking Budget uses passkeys (WebAuthn) as the primary way to sign in, with a magic-link email fallback. There is no password for an attacker to phish, guess, or steal in a breach. Your passkey never leaves your device.
Least-privilege access
Access to production systems is limited to the few people who need it, and reading the contents of your account requires a specific reason — a support request you initiated, or a good-faith investigation of abuse. We log access to sensitive systems.
Keeping keys and secrets safe
Encryption keys and service secrets are stored in dedicated secret management, never in our source code or configuration files, and never in the database alongside the data they protect. Our architecture is designed so we can move to a managed key service (KMS / HSM) without changing how your data is encrypted.
What encryption can and can’t do
We’re honest about the limits: encryption protects your data at rest and in transit, but once data is decrypted to be shown to you, it exists in memory to do its job. That’s why the measures above — passwordless sign-in, least-privilege access, key isolation, and secret management — matter just as much as the cryptography itself.
Reporting a vulnerability
Found something? We want to hear about it. Email security@thinkingbudget.com with details and we’ll respond promptly. We appreciate responsible disclosure and will not pursue good-faith security research.