We built Lemoneyrich for people who trust us with their bank statements. Here is exactly how we protect that trust.
All uploaded documents and parsed transaction data are encrypted at rest using AES-256, the same standard used by financial institutions worldwide. Encryption keys are managed separately from the data they protect.
All data in transit between your browser and our servers is encrypted using TLS 1.2+. We enforce HTTPS on every endpoint, with no fallback to unencrypted connections.
Can our engineers read your grocery receipt? No. Raw documents are encrypted before storage. Access to production data is restricted by role and requires explicit authorization and audit logging.
Your parsed data (transaction rows, categories, notes) is stored in an isolated database. Your account data is never co-mingled with other users. We do not share, sell, or expose your financial information to any third party for advertising or analytics purposes.
You can permanently delete your account and all associated data from Settings at any time. Deletion is irreversible and completes within 30 days.
Lemoneyrich uses Google OAuth 2.0 for sign-in. We never store your password because we never ask for one. Your Google credentials stay entirely on Google’s servers.
When you sign in, Google issues us a short-lived access token. Session tokens stored in your browser are signed and expire. We do not use persistent tracking cookies for authentication.
Lemoneyrich is hosted on enterprise-grade cloud infrastructure with SOC 2 Type II compliance. Our data centers use physical access controls, redundant power, and 24/7 monitoring.
We run automated security scans, apply patches on a regular cycle, and review access logs continuously. Any confirmed security incident is disclosed to affected users within 72 hours.
