Budget Aurora is built on enterprise-grade infrastructure with security controls aligned to the SOC 2 Trust Services Criteria. This page explains exactly how we collect, store, protect, and handle your data.
We believe you should know exactly who is handling your financial information.
Budget Aurora is a personal and household finance management platform. We help individuals, couples, and families manage shared finances, track spending, crush debt, and plan for the future — all in one place.
To make financial clarity accessible to everyone. We build tools that give households an honest, real-time picture of their financial health — without selling your data or compromising your privacy to do it.
Security or privacy concerns? security@budgetaurora.com
We respond to all security inquiries within 48 hours.
Our security posture is designed around the five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
All user data is encrypted at rest using AES-256, provided by Google Cloud's default encryption layer on Firestore and Cloud Storage.
All data in transit is protected using TLS 1.3. Unencrypted HTTP connections are rejected.
User identity is managed by Firebase Authentication (Google). Passwords are hashed using bcrypt and never stored in plain text by Budget Aurora.
Session tokens are stored in httpOnly, Secure, SameSite=Strict cookies — preventing XSS and CSRF attacks.
Every user's data is scoped to their unique Firebase UID. Firestore Security Rules enforce these boundaries at the database level — a malformed query cannot access another user's data.
Bank account linking is handled entirely by Plaid's OAuth-style flow. Budget Aurora never sees or stores your banking username, password, or MFA codes.
We hold read-only access tokens. We cannot initiate transactions.
Google Cloud provides continuous infrastructure monitoring, DDoS protection, and automated vulnerability scanning. Anomalous access patterns trigger real-time alerts.
Budget Aurora runs on Google Cloud (Firestore, Firebase Auth) with a 99.95% uptime SLA. Vercel's global edge network handles frontend delivery with automatic failover.
Access to production systems is limited to authorized engineers using role-based access controls. All admin actions are logged and auditable.
We maintain an incident response plan covering detection, containment, notification, and post-incident review. Affected users are notified promptly in the event of a breach.
Budget Aurora is a read-only budgeting tool. We never hold, move, or process your money. This means we are not classified as a Money Service Business (MSB) or financial institution under US law (BSA/FinCEN), so KYC identity verification requirements do not apply to us.
Your bank connection is handled by Plaid, who manages that compliance layer. We intentionally keep our scope narrow so we never need to collect government-issued ID from you.
A transparent breakdown of exactly where each type of data lives and how it is protected.
Name, email, phone, avatar image
Storage
Firestore (Google Cloud) — AES-256 at rest
Access Control
You only. Firestore rules deny all cross-user reads.
In Transit
TLS 1.3
Account names, balances, account types
Storage
Firestore (Google Cloud) — AES-256 at rest
Access Control
You only. Scoped to your UID.
In Transit
TLS 1.3
Plaid access tokens (not your credentials)
Storage
Firestore, encrypted at rest. We store tokens, not credentials.
Access Control
Server-side only. Never exposed to the frontend.
In Transit
TLS 1.3 + Plaid API security
Transaction amount, merchant, date, category
Storage
Firestore (Google Cloud) — AES-256 at rest
Access Control
You only. Household members can be granted shared access explicitly.
In Transit
TLS 1.3
Firebase ID tokens, session cookies
Storage
httpOnly, Secure cookies in the browser
Access Control
Not accessible to JavaScript (XSS-safe)
In Transit
TLS 1.3, SameSite=Strict (CSRF-safe)
Profile photos
Storage
Firebase Storage (Google Cloud) — AES-256 at rest
Access Control
Served via signed URLs. No public listing.
In Transit
TLS 1.3
We retain your data for as long as your account is active. Inactive accounts may be flagged after 24 months of inactivity, with prior email notice before any deletion. Analytics data is aggregated and anonymized after 90 days.
You can permanently delete your account and all associated data from Profile & Settings → Security → Danger Zone. Deletion is immediate and irreversible. Plaid access tokens are revoked at the same time.
All processors are contractually bound to GDPR-compliant data processing agreements.
If you discover a security vulnerability in Budget Aurora, please report it responsibly. We investigate all reports and respond within 48 hours.
Last updated: July 2026 · Privacy Policy · Terms of Service