How We Protect Your Data

Learn about OneBudget's security measures and how we keep your financial data safe

2 min readLast updated: 2026-01-11

Our Security Commitment

Your financial data is sensitive. We treat it that way. Here's how OneBudget protects your information.

Encryption Everywhere

Data in Transit

All data sent between your device and our servers is encrypted using TLS 1.3—the same standard used by banks. This means:

  • No one can intercept your data in transit
  • Your information is scrambled during transmission
  • Even we can't read it while it's being sent

Data at Rest

Your data stored on our servers is encrypted using AES-256:

  • Industry-standard encryption
  • Would take billions of years to crack
  • Used by governments and financial institutions

Bank Credentials

We never see or store your bank login credentials.

When you connect your bank:

  1. You enter credentials directly with Plaid
  2. Plaid authenticates with your bank
  3. Plaid creates a secure token
  4. Only the token is shared with OneBudget
  5. The token can only read data—never move money

Infrastructure Security

Where Your Data Lives

  • Hosted on AWS (Amazon Web Services)
  • Data centers with 24/7 physical security
  • Biometric access controls
  • Continuous monitoring

Network Protection

  • Web Application Firewall (WAF)
  • DDoS protection via Cloudflare
  • Regular penetration testing
  • Automated vulnerability scanning

Access Controls

Internal Access

  • Principle of least privilege
  • Role-based access controls
  • All access logged and audited
  • Regular access reviews

Employee Security

  • Background checks for all team members
  • Security training required
  • Two-factor authentication mandatory
  • Encrypted devices only

Compliance

OneBudget adheres to:

  • SOC 2 Type II compliance practices
  • GLBA (Gramm-Leach-Bliley Act) requirements
  • CCPA and GDPR privacy regulations
  • Industry security best practices

You're in Control

You can always:

  • Download your data — Export everything we have
  • Delete your account — Remove all your information
  • Disconnect banks — Revoke access at any time
  • View connected services — See what's linked

Security Tips for You

Protect your OneBudget account:

  1. Use a strong, unique password
  2. Enable two-factor authentication
  3. Don't share your login credentials
  4. Log out on shared devices
  5. Keep your email secure — It's used for account recovery

Report a Security Issue

Found a vulnerability? Please report it:

Related Articles

Why We Use Plaid

Learn why OneBudget uses Plaid for bank connections and how it keeps your data safe

What We Never Do With Your Data

Clear commitments about what OneBudget will never do with your financial information