Security

All traffic between your browser and Buxme is encrypted in transit using HTTPS and modern TLS. This helps prevent unauthorized parties from intercepting data while it travels over the internet.

Buxme uses industry-standard authentication through Supabase Auth, including secure password handling and session management. We encourage strong, unique passwords and support email verification for new accounts.

Data stored in Buxme infrastructure is protected with encryption at rest provided by our cloud partners. Sensitive fields and database storage benefit from platform-level encryption controls.

When you connect financial accounts, Buxme uses Plaid to securely retrieve authorized data. Buxme never receives or stores your online banking username or password. You control which accounts and data scopes are shared, and you can disconnect at any time.

Buxme stores application data in Supabase, a managed Postgres platform with row-level security (RLS) policies that restrict data access to authenticated account owners and authorized household members. Database access is limited to operational needs.

Buxme is hosted on Vercel, which provides global edge delivery, DDoS mitigation, and secure deployment pipelines. Production environments use isolated configuration and environment variables for secrets.

Internal access to production systems is granted on a need-to-know basis. Administrative tools, database access, and deployment permissions are limited to authorized personnel only.

We monitor application health, error rates, and authentication events to detect anomalies. We review dependencies for known vulnerabilities and apply security updates as part of our release process.

If you discover a security vulnerability, please report it responsibly to support@buxme.com with sufficient detail to reproduce the issue. Do not publicly disclose vulnerabilities before we have had a reasonable opportunity to investigate and remediate.

Security is ongoing work. We plan to continue improving Buxme with enhanced audit logging, additional account protection options, expanded security testing, and tighter integration controls as the product evolves.