How Money Guardian Encrypts Your Data

1) Encryption happens before storage

Money Guardian encrypts data on your device and then stores the encrypted version. In practice, this means your sensitive values are not saved as readable text in storage.

This approach improves privacy and helps limit exposure in case stored data is ever accessed without authorization.

2) A layered key model

Money Guardian uses a layered key setup so your data can be unlocked securely through your normal sign-in flow, with a separate recovery path if needed.

Password-based unlock path  ----\
                                 Data encryption key
Recovery-based unlock path  ----/

• Primary access: Your normal account credentials.
• Recovery access: A separate recovery key flow.
• Goal: Strong protection without sacrificing account recoverability.

3) Modern, standard cryptography

• AES-256-GCM to encrypt sensitive values.
• PBKDF2 + SHA-256 to strengthen password-derived keys.
• AES key wrapping to protect encryption keys at rest.
• Web Crypto API in the browser, rather than custom crypto code.

4) What is protected

Money Guardian protects sensitive financial records across core account areas, including:

• Transaction details and related metadata.
• Asset and portfolio values.
• Rules and budgeting-related entries.
• Other sensitive settings used by your account.

5) Recovery is built in

Money Guardian includes a recovery-key path so you can restore access securely if your primary sign-in path is unavailable.

This is designed to balance account safety with practical recovery.

6) Continuous improvement

Security is an ongoing process. We review and improve our controls over time, including encryption practices, account protections, and operational safeguards.

7) Bottom line

Your data is encrypted before storage and protected using modern, established cryptographic standards. The goal is simple: keep your financial information private and secure by default.