Security at RightOffs
Your financial data is sensitive. We employ bank-level security measures to protect your information and ensure your privacy.
Bank-Level Encryption
256-bit AES encryption for all data
Security-First Design
Enterprise-grade security controls
Privacy Committed
Privacy-compliant practices
Data Security
Encryption
TLS 1.3 in Transit
All data encrypted during transmission using the latest TLS protocol
AES-256 at Rest
Database encrypted with military-grade 256-bit AES encryption
Secure Backups
Encrypted automated backups with secure offsite storage
Access Control
Secure Authentication
Firebase Authentication with Google OAuth and email/password options
Two-Factor Authentication (2FA)
Optional TOTP-based MFA with Google Authenticator support and encrypted backup codes
Role-Based Access
Strict access controls with principle of least privilege
Infrastructure Security
Network Security
- Enterprise firewall protection
- DDoS mitigation
- Restricted admin access
- Rate limiting protection
Application Security
- Input validation & sanitization
- Cross-site attack protection
- Secure session management
- Industry-standard security headers
Monitoring
- 24/7 security monitoring
- Automated threat detection
- Regular vulnerability assessments
- Comprehensive audit logging
Trusted Security Partners
We partner with industry-leading security providers to ensure your data is protected:
Bank Connections
Industry-leading bank connection service trusted by major financial institutions.
- Bank-level security (OAuth 2.0)
- We never see your bank credentials
- Read-only access to transactions
Payment Processing
PCI-DSS Level 1 certified payment processor used by millions of businesses.
- PCI-DSS Level 1 compliant
- We never store card numbers
- Tokenized payment data
Authentication & Storage
Google Cloud infrastructure with enterprise-grade security and reliability.
- Google Cloud infrastructure
- Secure authentication (OAuth)
- Encrypted file storage
Compliance & Privacy
Privacy Practices
We're committed to privacy compliance and respect your data rights:
- Right to access your data
- Right to data portability
- Right to deletion
- Right to correction
We're actively working towards full privacy certification as we grow.
CCPA Aligned Practices
We're committed to CCPA compliance and California privacy rights:
- Full transparency in data collection
- We never sell your personal information
- Opt-out rights respected
- Prompt response to privacy requests
We're actively working towards full CCPA certification as we grow.
Data Retention Policy
Active account data is retained while your account is active. Transaction data is kept for 7 years to support IRS tax filing requirements. Upon account deletion, personal data is removed within 30 days, except where legally required for tax compliance.
Security Practices
Regular Audits
- Annual security audits by third-party firms
- Quarterly vulnerability assessments
- Automated dependency scanning
Incident Response
- Documented incident response procedures
- 24/7 security monitoring and alerting
- User notification within 72 hours of breach
What We DON'T Do
We never store bank credentials
Bank connections are handled by Plaid using OAuth 2.0. We never see or store your login information.
We never store credit card numbers
Payment processing is handled by Stripe. Card data never touches our servers.
We never sell your data
Your personal and financial data is never sold to third parties. Period.
We never share data without consent
Your data is shared only with explicit consent or where legally required.
Report a Security Issue
If you discover a security vulnerability, please let us know immediately. We take all security reports seriously and will respond within 48 hours.
Security Contact: security@rightoffs.com
For general inquiries: info@rightoffs.com
Learn more: Privacy Policy | Terms of Service