• All data in transit is protected with TLS 1.3 — bank-grade encryption on every connection.
• Data at rest is encrypted using AES-256, the same standard used by the US military.
• No plaintext credentials are ever stored on our servers.

• FINXPLORER uses read-only OAuth access to your financial accounts — we never see your banking password.
• Account connections are managed by regulated financial data aggregation providers.
• We are designed to minimize direct exposure to sensitive credential flows.

• Authenticated access is enforced for all protected routes — no data is exposed without a valid session.
• Tenant-level isolation ensures your data is never accessible to other accounts.
• Billing, authentication, and audit events are handled with explicit server-side controls and logged.
• Security improvements are treated as an ongoing engineering responsibility, not a one-time project.

If you believe you have identified a security vulnerability, please contact us before disclosing it publicly.

Email: security@finxplorer.com

We review all legitimate reports promptly and appreciate responsible disclosure.