Security at CloseKit

Your financial data security is our top priority

Data Encryption

Your data is protected with industry-standard encryption

  • Data encrypted in transit: All data transmitted between your browser and our servers is protected using SSL/TLS encryption
  • Data encrypted at rest: Your financial data is encrypted when stored in our database using AES-256 encryption
  • Industry-standard protocols: We use battle-tested encryption protocols trusted by financial institutions worldwide

Access Controls

Your data is accessible only to you

  • User authentication required: Secure email and password authentication protects your account
  • Data isolation: Complete data separation ensures users can only access their own financial information through Row Level Security (RLS) policies
  • Role-based access: Foundation in place for future multi-user features with granular permission controls

Infrastructure Security

Built on enterprise-grade cloud infrastructure

  • Secure cloud hosting: Powered by Supabase, built on AWS infrastructure with enterprise-level security certifications
  • Regular security updates: Our infrastructure is continuously monitored and updated with the latest security patches
  • Automated backups: Your data is automatically backed up to prevent data loss

Data Privacy

Your data belongs to you, always

  • We never sell your data: Your financial information will never be sold, rented, or shared with third parties for marketing purposes
  • Data only used to provide service: We use your data solely to deliver the CloseKit service to you
  • Minimal data collection: We only collect information necessary to provide and improve our service

Compliance

Committed to meeting regulatory standards

  • Working towards SOC 2 compliance: We are actively pursuing SOC 2 Type II certification to demonstrate our commitment to security
  • GDPR compliance: We follow GDPR requirements for EU users, including data portability and the right to be forgotten
  • Industry best practices: Our security measures follow OWASP guidelines and industry standards for web application security

Your Responsibilities

Help us keep your account secure

  • Use strong passwords: Choose a unique, complex password with at least 8 characters, including letters, numbers, and symbols
  • Keep credentials secure: Never share your password or leave your account logged in on shared devices
  • Log out of shared devices: Always log out when using CloseKit on public or shared computers

Data Retention and Deletion

You control your data lifecycle

  • Data retention: We retain your financial data for as long as your account is active. Inactive accounts may be archived after 2 years of inactivity
  • Data deletion: You can permanently delete your account and all associated data directly from within the application via your account settings. Data is removed immediately and cannot be recovered
  • Data export: You can export all your data at any time using the CSV export features built into the application

Incident Response

Prepared to respond to security events

  • Continuous monitoring: Our systems are monitored 24/7 for security threats and unusual activity
  • Incident response plan: We have procedures in place to quickly respond to and mitigate any security incidents
  • Breach notification: In the unlikely event of a security breach affecting your data, we will notify you promptly via email

Questions About Security?

We're here to address any security concerns you may have. Our team is committed to maintaining the highest standards of data protection.

Contact us at gregory.hart55@gmail.com