Security

At Efficient Dollar, security is not an afterthought—it is a core part of how we design and operate the product. This page explains, in plain language, how we work to protect your data and keep your account safe.

For more technical details, see our Security Practices page (coming soon). For information about how we handle your personal and financial data, please also review our Privacy Policy and Data Protection Notice.

1. Our Security Principles

We follow a few simple principles when handling your information:

Minimal data — we only collect what we need to provide the service and improve it.
Least privilege — access to systems and data is restricted to what is strictly necessary.
Defense in depth — we layer multiple security controls instead of relying on a single mechanism.
Transparency — we are open about what we do, what we don’t do, and how to contact us with questions.

2. Encryption and Data Protection

2.1 In Transit

All traffic between your browser and Efficient Dollar is encrypted using HTTPS (TLS). This helps ensure that data cannot be easily intercepted or read while it travels over the network.

2.2 At Rest

Data stored in our databases and storage systems is protected using encryption at rest provided by our hosting and cloud infrastructure providers.

We do not store:

Bank login credentials
Raw payment card numbers (for future paid subscriptions, this will be handled by a PCI-compliant provider such as Stripe)

3. Authentication and Account Security

Efficient Dollar uses modern authentication methods, including support for signing in with Google (via OAuth). This allows you to sign in using an identity provider you already trust, without creating another password that could be reused or exposed.

3.2 Session Management

We use secure cookies and/or tokens to keep you signed in. These are designed to:

Expire after a period of inactivity
Be protected against common web attacks when properly used by your browser

We recommend:

Using unique, strong passwords for your Google and email accounts
Enabling multi-factor authentication (MFA) on your Google account or email wherever possible

4. Financial Data and Bank Connections (Future)

Once bank connectivity is launched, Efficient Dollar will use Plaid to securely connect your financial accounts.

With Plaid:

Your bank login credentials are never shared with Efficient Dollar.
Credentials are provided directly to Plaid and your financial institution.
Efficient Dollar receives only the data needed to provide budgeting and analysis features (such as balances and transactions), as described in our Data Protection Notice.

You will be able to:

Choose which accounts to connect
Disconnect accounts at any time
Request deletion of stored financial data

5. Payments and Subscriptions (Future)

If you subscribe to paid plans in the future, payments will be processed by a secure, third-party payment provider (such as Stripe).

We do not store full card numbers on our servers.
Payment information is handled and stored by the payment provider in accordance with industry-standard security and compliance requirements.

6. Infrastructure and Hosting

Efficient Dollar is hosted with reputable cloud and infrastructure providers that implement strong physical and network security controls.

We make use of:

Hardened hosting environments
Network-level protections provided by our hosting partners
Secure deployment practices

7. Access Control and Internal Practices

Access to production systems and data is limited to authorized personnel who need it to operate and improve the service.
Access is protected using strong authentication methods.
We aim to minimize the number of systems and services that can access sensitive data.

For more detail on internal technical controls, see our upcoming Security Practices page.

8. Vulnerabilities and Responsible Disclosure

We take security seriously and welcome reports of potential vulnerabilities.

If you believe you have found a security issue or vulnerability in Efficient Dollar, please contact us at:

support@efficientdollar.com

When reporting, please include:

A description of the issue
Steps to reproduce
Any relevant screenshots or technical details

Please do not publicly disclose the issue before we have had an opportunity to investigate and address it.

9. Your Role in Keeping Your Account Secure

You play an important role in keeping your data safe. We recommend that you:

Use strong, unique passwords for your primary email and Google accounts
Enable MFA (two-factor authentication) where available
Keep your devices and browsers up to date
Log out of shared or public computers

If you suspect unauthorized access to your account, please contact us immediately at support@efficientdollar.com.

10. Changes to This Security Page

As Efficient Dollar evolves and new features are launched (including Plaid integrations and paid subscriptions), we may update this Security page.

When we make changes, we will update the “Last updated” date at the top of the page. In some cases, we may also provide additional notice within the app or by email.

If you have any questions about this page or our security posture, please reach out to us at support@efficientdollar.com.