Your Data is Encrypted

Protected at rest, in transit, and from everyone — including us.

AES-256 Encryption

Military-grade encryption for your sensitive data. The same standard used by banks.

Encrypted at Rest

Your data is encrypted on disk. Even physical access won't expose it.

Encrypted in Transit

TLS 1.3 encryption for all connections. Your data is protected as it travels.

Hashed Passwords

Passwords are never stored. We use bcrypt with high-cost hashing — industry best practice.

No Admin Snooping

Row-level security + field encryption means even database admins can't read your data.

Safe from Dumps

If our database was ever exposed, sensitive fields would be unreadable gibberish.

How We Protect Your Data

We take a defense-in-depth approach. Multiple layers of security ensure that even if one layer is compromised, your data remains protected.

Encryption Layers

LayerTechnologyWhat It Protects
In TransitTLS 1.3All data between your browser and our servers
At RestAES-256Entire database encrypted on disk
Field-LevelAES-256-GCMOAuth tokens, imported bank data, chat history
Passwordsbcrypt (cost 12)Account passwords and worker PINs

What We Encrypt

Third-Party Tokens

When you connect Xero or other services, the access tokens are encrypted before storage. Even with full database access, these tokens are unreadable without the encryption key.

Imported Bank Data

When you import CSV files from your bank, the raw data is encrypted. Your transaction details are protected even if someone gains database access.

AI Conversations

Your chat history with the AI assistant is encrypted. The personal details you share in conversations are protected.

Authentication Credentials

Passwords and worker PINs are cryptographically hashed with bcrypt. We literally cannot see them — verification happens mathematically.

Access Control

Row-Level Security

Database queries are restricted at the row level. You can only access data that belongs to you — enforced by the database itself.

No Backdoors

There's no admin panel to view user data. No support agent can look at your transactions. The architecture prevents it.

Encryption Keys

Encryption keys are stored separately from the database, in secure environment variables. Database dumps are useless without the key.

Minimal Access

Only essential team members have production access, with two-factor authentication required.

What This Means for You

If our database was stolen...

Attackers would get encrypted data they cannot read. Your OAuth tokens, bank imports, and chat history would be useless gibberish without our encryption key.

If a rogue employee tried to snoop...

Row-level security means database queries only return your own data. Combined with field encryption, sensitive data is protected even from us.

If someone intercepted your connection...

TLS 1.3 encryption means all traffic between your browser and our servers is encrypted. Man-in-the-middle attacks won't work.

Infrastructure

ServiceProviderSecurity
HostingVercelSOC 2 Type II certified, automatic HTTPS
DatabasePrisma PostgresEncrypted at rest, isolated connections
PaymentsStripePCI Level 1 certified (we never see card numbers)
AIAnthropicData not used for training, SOC 2 Type II

Our Commitment

  • We encrypt sensitive data — not just at rest, but field-by-field for the most sensitive information.
  • We can't snoop on you — the architecture prevents it, not just policy.
  • We use trusted providers — every service we use meets enterprise security standards.
  • We're transparent — we tell you exactly what we protect and how.

Questions?

We're happy to discuss our security practices in more detail.

Email: security@getsolvent.online

Related Pages

Privacy PolicyYour Data RightsTerms of Service