Security
Security is foundational to Entropy Money. This page provides an overview of how we protect your data.
Read-only access
Entropy Money connects to your bank accounts through Open Banking via Plaid. This connection is strictly read-only — we can view transaction history but cannot move money, make payments, or modify your accounts in any way.
We never see your bank credentials
Your bank login credentials are handled entirely by your bank and our Open Banking provider. They are never transmitted to or stored by Entropy Money.
Encryption
- In transit: all data is transmitted over TLS 1.2 or higher.
- At rest: all stored data is encrypted using AES-256.
Cloud infrastructure
Our infrastructure is hosted on Microsoft Azure, using managed services with built-in security controls, automated patching, and geographic redundancy.
Access controls
Access to production systems is restricted to authorised personnel only, protected by multi-factor authentication, and subject to audit logging.
Data minimisation
We collect only the data required to generate financial insights. We do not collect or store data beyond what is necessary for the service.
Incident response
We maintain an incident response process to detect, respond to, and recover from security events. In the unlikely event of a data breach affecting your information, we will notify you promptly in accordance with applicable regulations.
Questions
If you have security concerns or wish to report a vulnerability, contact us using the contact form on our website.