Budgit takes the security of our customers very seriously. We use industry-leading practices and technologies to keep information safe. Additionally, because we do not monetize user data, we aim to minimize any personally identifiable information (PII) we store about end-users.

Data Encryption

All data is encrypted at rest with AES-256 block-level storage encryption.

We encrypt all data in transit using AES 256-bit encryption. This is the industry-leading encryption standard used by large banks and governments.

For the highest available level of security and trust, we use an Extended Validation SSL certificate. This kind of certificate is subject to a comprehensive verification process to prove that a website belongs to a real company. When accessing Budgit, most modern browsers will show our company's legal name (Budgit, Inc.) in the address bar, next to (or instead of) our domain "https://gobudgit.com".

Our Infrastructure

Plaid

Budgit relies on Plaid for read-only access to customers' financial accounts. Our token-based integration allows customers to authenticate their bank credentials directly via Plaid, which means bank usernames and passwords never touch our servers or database. Instead of handling bank logins directly, we receive and store a secure token from Plaid, which we can use to access account and transaction data from Plaid.

Read more about Plaid's security policy here

Heroku

Budgit is built and hosted entirely on Heroku, which is a container-based cloud platform leveraging Amazon Web Services (AWS). Heroku and Amazon maintain rigorous security practices and are trusted by leading software companies and the US government to securely maintain critical infrastructure. All customer data is housed within Amazon's secure data facilities.

Read more about Heroku's security policy here

Two-Factor Authentication

Our staff utilize mandatory two-factor authentication (2FA) for access to any internal and external systems. Additionally, any end-users signing up for or logging into Budgit's applications must verify their accounts via their mobile phones.

Contact Us

If you have any specific questions, concerns, or potential vulnerability reports, please contact us at security@gobudgit.com