✦ Trust · How we protect your data

Security

Last updated: 7 May 2026 Kanehouse · Edinburgh, Scotland Applies to: wealthr.co.uk

🔒

TLS everywhere

All traffic encrypted in transit (HTTPS, TLS 1.3)

🛡

Encrypted at rest

Database storage encrypted with AES-256

🚫

No bank linking

We never connect to your bank or open banking

🇬🇧

UK-built

Solo developer. Edinburgh. UK GDPR.

★ Plain-English summary

WealthR is a manual-entry app. We never ask for, receive, or store your bank credentials, account numbers, or sort codes. Your data lives in an encrypted database in the EU/UK, behind TLS 1.3, with row-level security so only you can read it.

We're a small UK team (one developer, Liam, in Edinburgh). That means fewer attack surfaces, fewer suppliers, fewer ways for your data to leak. It also means we can't honestly claim SOC 2 or ISO 27001 — we can claim that we follow the same battle-tested practices the major UK fintechs use, on the same infrastructure they use.

01 Where your data lives

WealthR runs on managed UK and EU infrastructure. The database is hosted by Supabase (Postgres) in an EU region, with daily encrypted backups. The app and API are hosted on Render with TLS-terminated edge servers. We picked these providers specifically because they handle the heavy compliance lifting (encryption, patch management, physical security) and let us focus on the app.

🗄

Supabase (Postgres) — EU region

Encrypted-at-rest with AES-256. SOC 2 Type II certified. Row-level security policies enforce that one user can never read another user's data — even in the case of a query bug.

🌐

Render — application hosting

TLS 1.3, automatic certificate rotation. SOC 2 Type II certified. Static assets served from a global CDN with HSTS enforced.

💳

Stripe — payments only

PCI DSS Level 1. Card details never touch WealthR servers — they're entered directly into Stripe's secure iframe. We only ever see a customer ID and subscription status.

📨

Formspree — contact form relays

Used only for the privacy and security contact forms. No financial data ever touches it. EU-hosted, GDPR-compliant.

02 Encryption — in transit and at rest

In transit. Every connection between your device and WealthR is encrypted with TLS 1.3 (or TLS 1.2 fallback for older browsers). HTTP requests are 301-redirected to HTTPS. We send the Strict-Transport-Security header so your browser remembers to only ever talk to us over HTTPS.

At rest. All database storage is encrypted with AES-256, with keys managed by the cloud provider (rotated automatically). Backups inherit the same encryption. If a disk is ever decommissioned, the data on it is unreadable without the keys — which we don't share.

Passwords. Passwords are never stored in plaintext. They're hashed with bcrypt before they hit the database — meaning even we can't read them. If you forget your password we can only send you a reset link, never tell you what it was.

03 How sign-in works

Authentication is handled by Supabase Auth — the same library used by thousands of production fintech and SaaS apps. When you sign in we issue a short-lived JWT (JSON Web Token) that your browser uses to identify itself to the API. Tokens auto-rotate; if one leaks, it's invalid within minutes.

Email + password with bcrypt hashing
Password reset via signed time-limited email link
Session tokens stored in HttpOnly cookies where supported, never in localStorage for auth purposes
Rate limiting on sign-in and reset endpoints to slow brute-force attempts

Coming soon: two-factor authentication (TOTP / authenticator apps). Already on the public roadmap — see /roadmap.

04 Why we don't link to your bank

Most UK finance apps connect via Open Banking — which means a third-party aggregator (Plaid, TrueLayer, Yapily) holds a long-lived token that lets them read your transactions. That token is a target. If the aggregator is breached, every connected app is breached.

WealthR is manual entry. You type your totals once a month. We never ask for, see, or store your bank credentials, sort code, account number, or transaction history. The blast radius of a WealthR breach is therefore limited to the figures you chose to share — not your real-time spending or account access.

This is a deliberate trade-off: it costs you 90 seconds a month of typing in exchange for materially less attack surface than any aggregator-based competitor.

05 Application security

Row-level security (RLS) enforced at the database layer — every query is scoped to the signed-in user's ID. A bug in the app can't expose another user's data because the database itself refuses.
Content Security Policy (CSP) headers on every page to mitigate XSS and clickjacking.
Input validation on every API endpoint with strict schemas — no free-text SQL anywhere.
Dependency monitoring via automated GitHub Dependabot alerts. Critical CVEs are patched within 48 hours.
Secret management — API keys and secrets live in the platform's encrypted environment variables, never in source code.
Audit logs — every database change is logged with user ID, timestamp and IP. Anomalies are reviewed manually.

06 Backups and recovery

The database is backed up automatically every 24 hours, with point-in-time recovery available for the last 7 days (Pro tier) at the infrastructure level. Backups are encrypted and stored in a separate region from the live database. If a disaster takes out the primary, we can restore to a working state within hours, not days.

You can also export your own data at any time from the app — see Settings → Export data. We give you a clean JSON file containing every figure you've ever entered. Your data is yours; we won't hold it hostage.

07 Responsible disclosure

🐛 Found a security issue? Please tell us.

We don't run a paid bug bounty (yet), but we take every report seriously and credit researchers in the changelog if you'd like.

How to report: Email security@wealthr.co.uk with steps to reproduce. We aim to acknowledge within 24 hours and ship a fix or mitigation within 7 days for critical issues.

Please: don't run automated scanners against production, don't access other users' data, and give us a reasonable window to fix before public disclosure.

08 What we ask of you

Security is a shared responsibility. The single biggest determinant of your account safety is your own password hygiene.

Use a unique password. A password manager (1Password, Bitwarden, Apple Passwords) makes this effortless.
Don't reuse passwords from breached sites. Check haveibeenpwned.com if unsure.
Keep your devices and browsers up to date — most real-world account takeovers happen via outdated software, not server breaches.
Be cautious of phishing. WealthR will never ask for your password by email. Sign-in is always at https://wealthr.co.uk.

09 GDPR and your rights

WealthR is a UK GDPR data controller. You have full rights under the UK GDPR including access, rectification, erasure (right to be forgotten), portability, and objection. The full breakdown — including how to exercise each right — is on our privacy policy.

To delete your account and all associated data, go to Settings → Account → Delete account, or email support@wealthr.co.uk. Deletions are permanent and processed within 30 days (UK GDPR-compliant); usually faster.

10 Things we will never do

Sell, share or rent your data to advertisers, brokers or anyone else. Ever.
Ask for your bank login, card PIN, or one-time codes by email.
Run third-party tracking pixels or ad networks on the app.
Use your financial data to train AI models.
Make changes to your account on your behalf without explicit consent.

11 Get in touch

For security reports use the dedicated address. For general queries the support inbox is fine — both go to the same person.

Securitysecurity@wealthr.co.uk

Supportsupport@wealthr.co.uk

PostalKanehouse, Edinburgh, Scotland, United Kingdom

Built byLiam Kane (solo developer) — see /about

This page is informational and reflects our current implementation. It is not a contract; the legally binding documents are our terms and privacy policy. We update this page whenever the underlying practices change — last updated 7 May 2026.