AFINCE is designed around read-only financial visibility. We do not initiate payments or store bank login credentials. Financial account connections are handled through user-authorized providers such as Plaid.
Security Commitments
- Read-only access: AFINCE uses financial data for visibility, categorization, budgeting, and recurring expense insights.
- Credential separation: Bank credentials are handled by Plaid or the user's financial institution, not stored by AFINCE.
- Encryption: AFINCE uses HTTPS/TLS for transport and relies on encrypted storage controls from infrastructure providers for stored data.
- Least privilege: Internal access is limited based on job need and reviewed when roles or responsibilities change.
- Administrative MFA: Administrative systems must use multi-factor authentication where supported.
- Logging: Security-relevant administrative events are logged and reviewed when needed for investigation or support.
Policy Library
Privacy Policy
Collection, use, sharing, retention, user rights, Plaid, and deletion requests.
Terms of Service
Service rules, disclaimers, user responsibilities, and liability limits.
Access Control Policy
Least privilege, access approvals, reviews, offboarding, and logging.
MFA Policy
Multi-factor authentication requirements for administrative and sensitive systems.
Data Retention Policy
How long AFINCE keeps account, financial, support, security, and backup data.
Data Disposal Policy
Deletion triggers, secure disposal, Plaid disconnects, backups, and verification.
Incident Response
AFINCE investigates suspected unauthorized access, service abuse, data exposure, and security incidents. If an incident affects personal information and notice is legally required, AFINCE will provide notice through reasonable channels such as email, in-app notice, website notice, or other legally required methods.
Responsible Disclosure
Security concerns can be reported to support@afince.com. Please include a clear description, affected URL or feature, reproduction steps, and contact information. Do not access, modify, delete, or disclose user data while testing.
