Security
How we protect your data
Privacy-First Design
Your financial data deserves the highest protection.
Unlike many financial apps, SpentWorth doesn't require you to link your bank accounts. We use a simple CSV import process that keeps you in complete control of what data you share.
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
No Credentials
We never ask for or store your bank login credentials. CSV imports don't require bank access.
Secure Hosting
Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 compliance.
Data Deletion
Delete your account and all associated data at any time. We don't keep backups of deleted data.
How CSV Import Works
- You download a CSV file from your bank (most banks offer this)
- You upload the CSV to SpentWorth
- The file is processed and transactions are categorized
- Only the transaction data (date, amount, merchant) is stored
We never see your account numbers, balances, or login credentials.
Security Best Practices
To keep your account secure, we recommend:
- • Using a strong, unique password
- • Not sharing your account credentials
- • Logging out when using shared devices
- • Keeping your email address up to date
Report a Vulnerability
If you discover a security vulnerability, please report it to security@spentworth.com. We take all reports seriously and will respond promptly.