Security

Your financial data, protected

BOFFO is built with security at its core. Bank-level encryption and industry best practices keep your data safe.

AES-256 Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Documents and financial data are never stored unencrypted.

Secure Infrastructure

Hosted on infrastructure built on SOC 2 compliant cloud providers, with automatic backups, failover, and DDoS protection.

Access Controls

Row-Level Security ensures users only access their own data. Multi-tenant isolation is enforced at the database level.

Document Handling

Uploaded documents are processed in isolated environments. Original files can be auto-deleted after processing.

GDPR Compliance

Data minimization, right to erasure, data portability, and transparent processing. Your data, your rights.

Authentication

Enterprise-grade authentication with Google OAuth, strong passwords, and session management.

Our security practices

All API endpoints require authentication via JWT tokens
Database connections use SSL/TLS encryption
No financial data is ever logged or stored in plain text
Regular security audits and dependency updates
Automatic session expiration and token rotation
Rate limiting and brute-force protection on all endpoints
Secrets and API keys stored in encrypted environment variables
No third-party analytics or tracking on authenticated pages

How we handle your data

When you upload a statement, our AI extracts the structured data — holdings, transactions, account numbers. Once extraction is complete, the original PDF is permanently deleted. We never store your raw bank statements.

The extracted data is encrypted and stored securely so you can access your portfolio history anytime. You can delete your data at any time from your account settings.

Security questions?

If you have security concerns or want to report a vulnerability, contact us.