Storage of your data in Tidy
If you´re like us and care about the security and privacy of your data, Tidy Money will be your best ally. From the start, we’ve been obsessed with protecting user information. We follow the best practices from the most demanding industries, drawing on extensive experience in cryptographic systems, payment methods, and financial software.
Your expenses and budgets are not readable data in our database; they are cryptograms that hold no value for anyone who may obtain them without the decryption keys.
We use AES-256 encryption, the most powerful encryption algorithm available and widely adopted by most military and government entities.
.
Additionally, we have divided the database into multiple schemas to further complicate data correlation.
.
On top of that, the link between schemas is an undecipherable piece of data by definition, making it impossible for an attacker to associate a user with the recorded information.
Storage of your Tidys
So how is it that you can access your Tidys, and what prevents us from doing so? That link between schemas is your user ID, but only you know it in plain text. Therefore, when you need to retrieve something, you send us a request from the app using that data (a hash of your identifier).
Additionally, only you have the key to authenticate yourself. We do NOT store passwords in plain text, and the system is designed to NOT return anything without authentication (session token). In fact, there is no traditional password; they are one-time access keys that can only be obtained by the person with access to the email account used for registration.
Furthermore, the operating system manages the passwords for accessing the infrastructures and files. None of our employees can access the database or extract information because those passwords are not managed by anyone. Only the software, based on your explicit request, can do so.
Access to your Tidys
We haven't spared any effort, which is why our infrastructure is hosted with the largest and most robust provider in the market: Amazon Web Services.
Not only do they comply with the most important security and quality certifications (ISO 27001, PCI Level 1, SOC 2, among many others), but their guarantees of uninterrupted service are unmatched, with backup copies distributed across highly secure regions and impressive vertical scaling capabilities.
You can rest assured that your Tidys will always be available. Regarding access controls, the servers are managed with 2FA authentication, role separation, and specific permissions per component.
Lastly, it’s important to highlight that the encryption keys are stored in an independent vault (KMS) governed by the operating system.
Our servers
This is the gateway to your Tidys, and as such, it is designed to prevent anyone else from entering. Communications with the servers are carried out over a strict encrypted channel, and your identifier travels as an undecipherable beacon since it's hashed directly from the app, making it impossible to retrieve the original data from the input.
Additionally, if you prefer, access can also be controlled by facial recognition, adding an extra layer of security and convenience during authentication.
Furthermore, our app is designed to communicate only with our servers, so no third party could intervene. If someone tries, we would detect it instantly and deny their requests (anti-pinning system).