Security

How ExpenseBud protects your data.

Data isolation

Every company's data is isolated using Postgres row-level security (RLS), enforced at the database layer — not just in application code. Even a bug in a query can't return another company's data, because the database itself rejects it. The application also connects to the database using a role scoped to exactly the access it needs, with no ability to bypass these protections.

Bank connections

We use Plaid to connect to your bank or card issuer. Your bank credentials are entered directly with Plaid — we never see or store them. What we receive afterward is a connection token, which is encrypted (AES-256-GCM) before it's stored, and access can be revoked at any time from the app or by disconnecting the card.

Encryption

  • All traffic between your browser and our servers is encrypted (HTTPS/TLS).
  • Bank connection tokens are encrypted at rest, independent of the database's own encryption.
  • Passwords are hashed (bcrypt), never stored in plain text.

Access control

Employees can only see and manage their own spend and receipts. Admins can see their company's data. Every category change, employee invite, and card disconnection is recorded in an audit log.

Reporting a concern

If you believe you've found a security issue, please contact us at [SECURITY CONTACT EMAIL] rather than filing a public issue.