Budget AuroraBack to home

Legal

Security Policy

Last updated: June 7, 2026

Security is foundational to a finance app. Here's how we protect your data, and how researchers can responsibly report issues to us.

Encryption

Your data is encrypted in transit with TLS and at rest using industry-standard protections, backed by Google Firebase's secure cloud infrastructure. Sensitive credentials are never stored on your device in plain text.

You're in control of your data

Budget Aurora does not connect to your bank. The financial information in the app is the budgets, income, debts, and net worth that you enter yourself — we never have access to your accounts and can never move money.

Access controls

Your data is scoped to your account and protected by security rules so only you can read or write it. Access to production systems is restricted on a need-to-know basis and protected by multi-factor authentication.

Monitoring and resilience

We rely on managed cloud infrastructure with built-in monitoring and redundancy, and maintain an incident response plan so we can react quickly if something goes wrong.

Responsible disclosure

If you believe you've found a security vulnerability, we want to hear from you. Please email info@ambitiousconcept.com with details and steps to reproduce. We commit to acknowledging reports promptly and will not pursue legal action against good-faith research.

  • Give us reasonable time to investigate and fix before public disclosure.
  • Do not access, modify, or delete other users' data.
  • Do not run attacks that degrade the service for others.

Questions about this page? Email us at info@ambitiousconcept.com. This document is a general template and should be reviewed by legal counsel before launch.