Security

How we protect your financial data

Bank-level encryption

All data is encrypted with AES-256 at rest and TLS 1.2+ in transit. Your financial data is protected by the same encryption standards used by major financial institutions.

Read-only access

We connect to your accounts through Plaid. We can never move your money or initiate transactions. Stewardfi has read-only access to your account balances and transaction history.

No password storage

We never see or store your bank login credentials. Plaid handles authentication directly with your financial institution. Your passwords never touch our servers.

Row-level security

Your data is isolated at the database level using PostgreSQL Row Level Security (RLS) policies. No other user or Stewardfi employee can access your financial information without explicit authorization.

Professional standards

CPA-Delivered statements are provided under AICPA CS Section 100 consulting standards. Our CPA carries professional liability insurance and maintains continuing professional education requirements.

Infrastructure

Hosted on Vercel (SOC 2 compliant). Database on Supabase (SOC 2 compliant). Payments via Stripe (PCI DSS Level 1). Bank connections via Plaid (SOC 2 Type II certified).

Compliance

  • GLBA Written Information Security Plan (WISP) maintained
  • AICPA CS Section 100 consulting standards for CPA-Delivered services
  • Professional liability insurance carried by licensed CPA
  • SPF, DKIM, and DMARC configured for email security
  • Plaid access tokens encrypted via Supabase Vault

Questions about our security practices? Contact us at security@stewardfi.ai.

© 2026 Stewardfi LLC. All rights reserved.