Security.

Effective_2026-06-01 · Last_updated_2026-06-01

This page summarizes, in plain language, how Re_Tera protects your data. It is the public companion to our internal Information Security Policy, which describes these controls in full.

Your data is encrypted, end to end

All traffic to and from Re_Tera runs over HTTPS (TLS). We enforce HTTP Strict Transport Security so browsers refuse to talk to us over an unencrypted connection. Data is encrypted in transit and at rest.

When you choose to link a bank, the access token that lets us read your transactions is never stored in the clear. It is encrypted with AES-256-GCM (authenticated encryption) before it is written to our database, and the key used to protect it comes from a managed secret store (Firebase Secret Manager), not from our code. Each linked institution gets its own derived key, and every token is sealed with a fresh random salt and nonce, so one record can never be unsealed in place of another. That access token is never sent to your browser or device.
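A sketch of the sealing scheme described above, added here as an example and not Re_Tera's code. It assumes HKDF-SHA256 for key derivation and binds the user and institution ids as GCM associated data; the function names, blob layout and demo values are constructed.

```javascript
// Added example; HKDF and the AAD layout are assumptions, not Re_Tera's code.
const crypto = require('node:crypto');

// Per-record key: HKDF-SHA256 over the master key with a fresh salt,
// using the institution id as context so each institution gets its own key.
function deriveKey(masterKey, salt, institutionId) {
  const info = Buffer.from(`bank-token:${institutionId}`, 'utf8');
  return Buffer.from(crypto.hkdfSync('sha256', masterKey, salt, info, 32));
}

// Associated data naming the record; GCM authenticates it without storing it.
function recordAad(userId, institutionId) {
  return Buffer.from(JSON.stringify([userId, institutionId]), 'utf8');
}

// Returns base64 of salt(16) | nonce(12) | tag(16) | ciphertext.
function sealToken(masterKey, userId, institutionId, token) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const key = deriveKey(masterKey, salt, institutionId);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(recordAad(userId, institutionId));
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ct]).toString('base64');
}

// Returns the token, or null if the blob was altered or belongs to another record.
function unsealToken(masterKey, userId, institutionId, sealed) {
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length < 44) return null;
  const salt = raw.subarray(0, 16);
  const nonce = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const key = deriveKey(masterKey, salt, institutionId);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(recordAad(userId, institutionId));
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]).toString('utf8');
  } catch {
    return null; // authentication tag did not verify
  }
}

// Constructed demo values; a real master key would come from the secret store.
const demoKey = crypto.randomBytes(32);
const demoSealed = sealToken(demoKey, 'user-A', 'ins_constructed_1', 'access-constructed-0001');
```

Copying `demoSealed` into another user's or institution's record makes `unsealToken` return null, because both the derived key and the associated data change.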

Your data is scoped to you

Your account data is readable and writable only by you. Our database rules tie every read and write to your authenticated identity, and anything that does not match is denied by default. Every request to our API is checked server-side: we verify your sign-in token on each call, and that check honors sign-out and account deletion immediately rather than waiting for a token to expire.

The most sensitive records, including the encrypted bank token, live in server-only collections that no client (not even a signed-in one) can read or write. They are reachable only by our trusted server code. We also block clients from forging billing or subscription fields, so account standing cannot be tampered with from the browser. If you invite a household member, you control whether they can view only or also add items.

We collect the minimum, especially from your bank

Re_Tera is built to hold as little as possible. Linking a bank is optional and powers one feature: spotting high-value purchases that may sit near a policy limit, so you can decide whether to add them to your coverage.

You enter your bank credentials directly into Plaid's secure module. Re_Tera never sees, receives, or stores your bank username, password, balances, or account numbers. From your linked account we receive only the transaction fields we need to flag a purchase: the amount, the merchant name, the date, the currency, and a spending category. Nothing more. From those, we keep only the purchases we actually flag for you. We do not store your full transaction history.

We never sell your financial data

We do not sell, rent, or trade your financial data, and we do not share it for advertising. Financial information obtained through Plaid is used solely to provide the feature you opted into, consistent with the Gramm-Leach-Bliley Act (GLBA).

How purchases are monitored and errors are caught

We use Sentry to catch and diagnose application errors so problems get fixed quickly, and error monitoring runs only in production. We deliberately minimize what telemetry can carry: personal details are reduced to a non-reversible identifier, cookies and authorization headers are stripped, sensitive URL parameters are filtered, and sensitive field names are redacted before anything leaves the app. Our internal logs identify accounts only by a one-way hashed identifier, never by raw account data, and our error handling for bank connections is written to exclude tokens and secrets from logs. We do not send your bank or card data to our monitoring tools.
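The scrubbing steps listed above can be expressed as one function applied to each error event before it is sent. This is an added example, not Re_Tera's code: the event shape follows what a Sentry `beforeSend` hook receives, while the name patterns, the keyed hash (HMAC-SHA256) and the function names are assumptions.

```javascript
// Added example; patterns and the keyed hash are assumptions, not Re_Tera's code.
const crypto = require('node:crypto');

const SENSITIVE_FIELD = /token|secret|password|authorization|cookie|account|card/i;
const SENSITIVE_PARAM = /token|code|key|secret|email/i;

// Keyed hash: without the key, guessing user ids and hashing them reveals nothing.
function pseudonym(hmacKey, value) {
  return crypto.createHmac('sha256', hmacKey).update(String(value)).digest('hex').slice(0, 32);
}

// Deep copy that replaces any value stored under a sensitive field name.
function redactFields(value) {
  if (Array.isArray(value)) return value.map(redactFields);
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    out[k] = SENSITIVE_FIELD.test(k) ? '[redacted]' : redactFields(v);
  }
  return out;
}

// Overwrite sensitive query parameters; drop URLs that cannot be parsed.
function scrubUrl(url) {
  let u;
  try { u = new URL(url); } catch { return '[unparseable-url]'; }
  for (const name of [...u.searchParams.keys()]) {
    if (SENSITIVE_PARAM.test(name)) u.searchParams.set(name, '[filtered]');
  }
  return u.toString();
}

// Returns a scrubbed copy of the event; the input is not modified.
function scrubEvent(event, hmacKey) {
  const out = redactFields(event);
  if (out.request) {
    delete out.request.cookies;
    for (const name of Object.keys(out.request.headers || {})) {
      if (/^(cookie|authorization)$/i.test(name)) delete out.request.headers[name];
    }
    if (typeof out.request.url === 'string') out.request.url = scrubUrl(out.request.url);
  }
  // Keep only a non-reversible identifier; email, IP and username are dropped.
  if (event.user) out.user = { id: pseudonym(hmacKey, event.user.id) };
  return out;
}
```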

Secure development practices

Security is checked on every change, not after the fact. Every code change must pass automated linting, type-checking, our test suite, and a full build before it can ship. We scan our dependencies against a public vulnerability database (OSV) on every build and block the build if a known vulnerability is found. We pin our third-party build tools to fixed versions to reduce supply-chain risk, and we run targeted tests specifically aimed at preventing payment and access-control bypasses. Changes to our database access rules are tested against the rules engine before they can merge.

You are in control

Linking a bank is always opt-in. You can:

  • Link a bank only if you choose to, by completing Plaid's secure connection flow yourself.
  • Unlink at any time. When you unlink, we remove the connection at Plaid, delete the encrypted token, and purge the purchase signals tied to it.
  • Delete your account to erase everything. Account deletion verifies it is really you, then removes your profile, documents, uploaded files, inventory, and other records. It revokes any linked bank connections at Plaid, deletes data held by our processors for AI features, and cancels and removes your billing record. Our privacy policy states your data is permanently removed within 30 days of deletion, except where the law requires us to retain it.

You can also export your data at any time as a downloadable file.

Reporting a security concern

If you believe you have found a security issue, or you have a question about how your data is handled, email us at support@getretera.com. We take reports seriously and will investigate.

Learn more

We maintain detailed internal information-security, access-control, and data-retention policies. These are available to partners and auditors on request.

For the full details on what we collect and how it is used, see our Privacy Policy and Terms of Service.