BudgetBro

Security Center

Bank data should stay locked down.

BudgetBro is being built around a zero-trust bank-sync flow: verify the user first, keep Plaid access backend-only, avoid bank credentials, and give users clear controls over connected money data.

Core controls

What protects the bank-connected experience.

The product is still pre-launch, but these are the controls BudgetBro is being organized around before production bank data opens.

Bank sync: Read-only Plaid connection

Users connect through Plaid and their financial institution. BudgetBro should not collect bank passwords or move money.

Access control: MFA before private money data

Bank-connected screens stay locked until sign-in and account verification are complete.

Backend: Token handling stays server-side

Plaid access tokens belong in protected backend storage, not public JavaScript, logs, screenshots, or browser-only state.

User control: Disconnect and deletion paths

Users should be able to refresh sync, disconnect a bank, clear local demo data, and request account deletion.

Alerts: Security events should be visible

New sign-ins, failed MFA, failed sign-ins, and signed-out private-screen attempts should be recorded and surfaced clearly.

Monitoring: No secret logging

Logging should help debug auth, provider, and sync failures without storing credentials, tokens, or direct personal payment details.

Data boundaries

What BudgetBro uses and what it avoids.

Budget inputs: Balances, transactions, cards, bills, subscriptions, goals, food, and fuel

These inputs feed safe-to-spend, monthly flow, net worth, credit health, goal pacing, food budget, fuel budget, and Bro's money answers.

Boundaries: No bank credentials, no secret logging, no hidden advice

BudgetBro should not move money, log secrets, or pretend to be a bank, lender, investment advisor, credit repair service, or substitute for a qualified professional.

Pre-launch security note

BudgetBro is still preparing production readiness. Live Plaid approval, production backend controls, security proof, and final smoke testing should be completed before real bank-connected launch.

Report security

If something happens to your account, use the security inbox.

BudgetBro should separate everyday support from urgent account-risk reports so suspicious activity, MFA issues, and bank-connected data concerns get handled with the right priority.

Account security: Suspicious sign-ins, MFA trouble, or private-screen access concerns

Email the security inbox with what happened, when you noticed it, and the best way to reach you. Do not send passwords, MFA codes, Plaid credentials, or full account numbers by email.

Email: security@budgetbro.co

General help: Product questions, waitlist, billing, provider data, or account support

For everyday help that is not a security issue, use the support inbox so those messages stay separate from urgent account-risk reports.

Email: support@budgetbro.co