Built for your most sensitive data

Most financial apps connect to your bank on your behalf, asking for your username and password to scrape your transactions. AvoirWealth does not work that way. You import your own data directly. We store what you give us, display it back to you, and nothing more.

We have no access to your bank accounts and we never will. That is not a limitation. It is a deliberate architectural choice, and it is the foundation of your privacy.

Your data is encrypted at every point, whether it is sitting on disk or moving across the network.

• In transit. TLS 1.2+ for all data moving between your browser and our servers.
• At rest. AES-256 encryption for stored data.
• Passwords. Never stored in plain text.
• Backups. Encrypted, the same as live data.

Your data is isolated at the database level, not just the application level. This is a meaningful technical distinction.

• Supabase row-level security (RLS) is enforced on every table.
• Queries are scoped to your user ID at the database layer.
• No user can access another user's data, including through application bugs.
• Internal access is minimized and logged.

Account access uses modern, hardened authentication methods. You are not sharing a password with a screen-scraping service.

• Email and password login via Supabase Auth.
• Google OAuth supported.
• Passwords hashed with bcrypt.
• Session tokens are short-lived and rotated.

We collect only what is required to operate the Service. Less data held means less data at risk.

• No banking credentials are ever stored.
• No Social Insurance Number or government ID is collected.
• No advertising trackers or third-party pixels.
• Analytics are anonymized and aggregated.

You export from your bank or broker. You download a CSV or PDF statement directly from your financial institution. AvoirWealth never connects to your bank on your behalf and never asks for your login credentials.

You upload to AvoirWealth. Your file is sent over an encrypted connection (TLS 1.2+) directly to our servers. It is parsed and the transaction data is extracted.

Your data is stored with row-level isolation. Parsed transactions are written to our database, encrypted at rest, with Supabase row-level security ensuring your records are accessible only to your authenticated session. No other user, query, or internal request can read your data.

Your dashboard is computed and displayed. Net worth, portfolio returns, and budget figures are calculated server-side from your scoped data and returned only to your authenticated session. Nothing is shared, inferred from, or combined with other users' data.

Supabase. Our database and authentication provider. Your data is stored on Canadian servers. SOC 2 Type II certification means their security controls are independently audited on an ongoing basis.

Data encryption. Industry-standard encryption for data at rest and in transit. The same standards used by major financial institutions globally.

Authentication. Passwords are hashed with bcrypt. Session management uses short-lived, rotating tokens. OAuth flows use secure redirects.

We take security reports seriously. If you discover a security vulnerability in AvoirWealth, we ask that you report it to us privately before disclosing it publicly. We will acknowledge your report within 48 hours and work to resolve confirmed issues promptly.

We do not pursue legal action against researchers who discover and responsibly report vulnerabilities in good faith.