Security is foundational to TreasuryFlow. Your exact transaction amounts are encrypted and delivered securely
to your Excel ledger for precise reconciliation. Our internal systems — logs, categorization, and ML
pipelines — only ever see privacy-preserving magnitude buckets, never your penny values.
Privacy-First Architecture
Exact amounts are securely stored and delivered to your ledger via
authenticated API. Our categorization engine only sees logarithmic magnitude buckets — your penny
values never enter logs or ML.
API Key Authentication
API tokens are stored only as cryptographic hashes and verified with a timing-safe comparison.
Raw tokens are never stored in our database.
Bank-Grade Infrastructure
Bank connectivity is handled by Plaid, and you log in to your bank on Plaid's side, so your
banking credentials never touch our servers.
Rate Limiting
Public endpoints are rate-limited to prevent abuse. Automated scraping
is blocked.
Plaid Token Encryption
Plaid access tokens are encrypted at rest using Fernet symmetric
encryption (AES-128-CBC with an HMAC-SHA256 authentication tag, so a modified ciphertext is rejected
before decryption). Raw tokens never appear in the database, logs, or backups.
Multi-Tenant Isolation
All database queries are scoped to the authenticated user's ID. No
administrative endpoints exist that can access another tenant's financial data.
Error Monitoring
Production errors are tracked via Sentry with automatic PII filtering.
Request bodies and auth headers are stripped before transmission.
Bank Re-Authentication
When bank connections expire, Plaid webhooks automatically flag the
issue and users can seamlessly re-authenticate without re-entering credentials.
Data Protection Layers
Magnitude Bucketing (Categorization Only)
Every transaction passes through our get_magnitude_bucket() function at ingestion for
categorization. The exact amount is securely stored and delivered to your Excel ledger for cross-bank
reconciliation; the bucket is used only by our internal ML and categorization engines:
MICRO: Less than $10
SMALL: $10 – $100
MEDIUM: $100 – $1,000
LARGE: $1,000 – $10,000
XLARGE: Greater than $10,000
Log & ML Isolation
Exact dollar amounts never appear in application logs, error reports, or ML training data. Only magnitude
buckets are used for categorization and analytics, ensuring your financial details remain private even at
the infrastructure level.
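The bucketing function and the log-isolation rule above, written out as an added example (this is not TreasuryFlow's own get_magnitude_bucket() or logging code). It assumes each bucket is the half-open range [lo, hi) (so exactly $100 is MEDIUM), that debits and credits are bucketed by absolute value, and a made-up Transaction shape; the log builder uses an allowlist so that the exact amount and merchant cannot reach a log line.

```python
# Added example, not TreasuryFlow's own code. Assumptions: half-open [lo, hi) buckets,
# bucketing by absolute value, and the Transaction dataclass below.
from dataclasses import dataclass, asdict
from decimal import Decimal, InvalidOperation
import json

# Decade thresholds: each bucket is one order of magnitude wide (a log10 scale),
# but exact comparisons are used instead of math.log10 so that $100.00 is never
# mis-bucketed by floating-point rounding.
_THRESHOLDS = (
    (Decimal("10"), "MICRO"),
    (Decimal("100"), "SMALL"),
    (Decimal("1000"), "MEDIUM"),
    (Decimal("10000"), "LARGE"),
)


def get_magnitude_bucket(amount) -> str:
    """Map an amount (str, int, float or Decimal) to one of the five bucket names."""
    try:
        # Decimal(str(...)) keeps a float like 9.99 from arriving as 9.9900000000000002.
        magnitude = abs(Decimal(str(amount)))
        for upper, name in _THRESHOLDS:
            if magnitude < upper:
                return name
    except InvalidOperation as exc:  # NaN or non-numeric input
        raise ValueError(f"not a monetary amount: {amount!r}") from exc
    return "XLARGE"


@dataclass(frozen=True)
class Transaction:
    txn_id: str
    user_id: str
    merchant: str      # sensitive: never logged
    amount: Decimal    # sensitive: only its bucket is logged


# Allowlist, not denylist: a field added to Transaction later is excluded by default.
LOG_FIELDS = ("txn_id", "user_id")


def log_record(request_id: str, txn: Transaction) -> str:
    """Render the structured log line for one ingested transaction."""
    fields = asdict(txn)
    record = {name: fields[name] for name in LOG_FIELDS}
    record["request_id"] = request_id
    record["bucket"] = get_magnitude_bucket(txn.amount)
    return json.dumps(record, sort_keys=True)


def leaks_sensitive(line: str, txn: Transaction) -> bool:
    """Test guard: True if the rendered line contains the merchant or the exact amount."""
    return txn.merchant in line or str(txn.amount) in line


# Constructed sample input.
SAMPLE_TXN = Transaction("txn_001", "user_a", "Blue Bottle Coffee", Decimal("42.17"))

if __name__ == "__main__":
    for amt in ("0", "9.99", "10", "-250", "9999.99", "10000"):
        print(amt, get_magnitude_bucket(amt))
    line = log_record("req-7f3a", SAMPLE_TXN)
    print(line, "leaks:", leaks_sensitive(line, SAMPLE_TXN))
```

The allowlist is the point: a denylist of field names silently fails the first time someone adds a `note` or `counterparty` field, whereas the allowlist has to be widened deliberately.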
Authentication
Every data endpoint requires a valid API token in the Authorization: Bearer header
API tokens are generated from 32 bytes of cryptographic randomness (256 bits of entropy)
Tokens are stored as cryptographic hashes; the raw token is shown once at signup and never again
Verification uses a constant-time comparison, so response timing does not reveal how much of a guessed token matched
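The four points above as working code, added here as an example rather than TreasuryFlow's own implementation. The token layout "tf_<id>.<secret>" and the in-memory store are assumptions: the public id lets the server find the row, and only the hash of the high-entropy secret is stored and compared with hmac.compare_digest.

```python
# Added example, not TreasuryFlow's own code. Assumed token layout: "tf_<id>.<secret>".
import hashlib
import hmac
import secrets
from typing import Optional

TOKEN_PREFIX = "tf_"


def _hash_secret(secret: str) -> bytes:
    # Unsalted SHA-256 is adequate here: the secret carries 256 bits of entropy, so it
    # cannot be brute-forced from its hash (salting and stretching are for passwords).
    return hashlib.sha256(secret.encode("utf-8")).digest()


# Unknown token ids are compared against this so that they cost one hash + one compare,
# the same as a known id; the lookup path does not reveal which ids exist.
_DUMMY_HASH = _hash_secret("dummy")


class TokenStore:
    """Keeps {token_id: (sha256(secret), user_id)}; the raw secret is never retained."""

    def __init__(self) -> None:
        self._rows: dict[str, tuple[bytes, str]] = {}

    def issue(self, user_id: str) -> str:
        """Create a token for user_id and return it once; the caller must not persist it."""
        token_id = secrets.token_urlsafe(8)    # public lookup handle
        secret = secrets.token_urlsafe(32)     # 32 bytes of randomness
        self._rows[token_id] = (_hash_secret(secret), user_id)
        return f"{TOKEN_PREFIX}{token_id}.{secret}"

    def revoke(self, token_id: str) -> None:
        self._rows.pop(token_id, None)

    def stored_values(self) -> list:
        return [stored_hash for stored_hash, _ in self._rows.values()]

    def authenticate(self, authorization: Optional[str]) -> Optional[str]:
        """Return the user_id for a valid 'Authorization: Bearer <token>' header, else None."""
        if not authorization:
            return None
        scheme, _, presented = authorization.strip().partition(" ")
        if scheme.lower() != "bearer" or not presented.startswith(TOKEN_PREFIX):
            return None
        token_id, _, secret = presented[len(TOKEN_PREFIX):].partition(".")
        if not token_id or not secret:
            return None
        stored_hash, user_id = self._rows.get(token_id, (_DUMMY_HASH, None))
        # Constant-time comparison of fixed-length digests: timing does not depend on
        # how many bytes matched, and the dummy row keeps unknown ids on the same path.
        if hmac.compare_digest(_hash_secret(secret), stored_hash):
            return user_id
        return None


def token_id_of(token: str) -> str:
    """Extract the public id from a token, e.g. for a revocation endpoint."""
    return token[len(TOKEN_PREFIX):].partition(".")[0]


if __name__ == "__main__":
    store = TokenStore()
    token = store.issue("user_a")      # displayed to the user exactly once
    print(token, "->", store.authenticate(f"Bearer {token}"))
    store.revoke(token_id_of(token))
    print("after revoke ->", store.authenticate(f"Bearer {token}"))
```

Splitting the token into a public id and a secret is what makes the constant-time comparison meaningful: the database lookup is by id, and the secret is only ever compared as a digest.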
Data Isolation
All database queries are scoped to the authenticated user's ID
No admin endpoints exist that can access another user's data
User A can never see User B's transactions, forecasts, or profile
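The per-user scoping rule, as an added example (not TreasuryFlow's own data layer): a repository that binds the authenticated user's id into every statement, shown beside the unscoped lookup it replaces. The schema and the sample rows are constructed for the illustration.

```python
# Added example, not TreasuryFlow's own code. Schema and rows are constructed.
import sqlite3
from typing import Optional

SCHEMA = """
CREATE TABLE transactions (
    id           INTEGER PRIMARY KEY,
    user_id      TEXT    NOT NULL,
    merchant     TEXT    NOT NULL,
    amount_cents INTEGER NOT NULL
);
CREATE INDEX ix_txn_user ON transactions (user_id);
"""

# Constructed sample data: two tenants with interleaved ids.
SAMPLE_ROWS = [
    (1, "user_a", "Blue Bottle Coffee", 4217),
    (2, "user_b", "Acme Payroll", 1250000),
    (3, "user_a", "AWS", 31999),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO transactions VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


class TransactionRepo:
    """All reads go through here; every statement carries `user_id = ?`."""

    def __init__(self, conn: sqlite3.Connection, user_id: str) -> None:
        self._conn = conn
        # Taken from the authenticated token, never from a query string or body.
        self._user_id = user_id

    def get(self, txn_id: int) -> Optional[dict]:
        row = self._conn.execute(
            "SELECT id, merchant, amount_cents FROM transactions "
            "WHERE id = ? AND user_id = ?",
            (txn_id, self._user_id),
        ).fetchone()
        # Another tenant's id behaves exactly like a missing one (404, not 403), so the
        # response does not confirm that the row exists for someone else.
        return dict(row) if row else None

    def list_ids(self) -> list:
        rows = self._conn.execute(
            "SELECT id FROM transactions WHERE user_id = ? ORDER BY id",
            (self._user_id,),
        ).fetchall()
        return [r["id"] for r in rows]


def unscoped_get(conn: sqlite3.Connection, txn_id: int) -> Optional[dict]:
    """The IDOR anti-pattern, for contrast: trusts the id in the URL and ignores the tenant."""
    row = conn.execute(
        "SELECT id, merchant, amount_cents FROM transactions WHERE id = ?", (txn_id,)
    ).fetchone()
    return dict(row) if row else None


if __name__ == "__main__":
    db = make_db()
    repo_a = TransactionRepo(db, "user_a")
    print("scoped  id=2:", repo_a.get(2))        # None: belongs to user_b
    print("unscoped id=2:", unscoped_get(db, 2))  # leaks user_b's row
```

The useful test here is the negative one: an integration test that authenticates as user A and requests every id belonging to user B, expecting 404 for each.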
Logging & Monitoring
Structured logging with request IDs — never financial data
No transaction amounts, merchant names, or account numbers in logs
Error responses never expose stack traces or internal paths
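The Sentry PII filtering described under Error Monitoring, and the no-financial-data rule above, as an added example that is not TreasuryFlow's own hook: a before_send function of the shape the Sentry Python SDK calls (event dict and hint, returning the event to send or None to drop it) that removes the request body and blanks credential-bearing headers. The sample event is constructed.

```python
# Added example, not TreasuryFlow's own code. The event below is constructed in the
# shape of Sentry's request interface (url, method, headers, data, cookies).
import copy
from typing import Optional

REDACTED = "[Filtered]"
SENSITIVE_HEADERS = frozenset({"authorization", "cookie", "set-cookie", "x-api-key"})


def scrub_event(event: dict, hint: Optional[dict] = None) -> dict:
    """before_send hook: strip the request body and credential headers before transmission."""
    scrubbed = copy.deepcopy(event)  # never mutate the SDK's object in place
    request = scrubbed.get("request")
    if isinstance(request, dict):
        request.pop("data", None)     # raw request body
        request.pop("cookies", None)  # session material
        headers = request.get("headers")
        if isinstance(headers, dict):
            for name in list(headers):
                if name.lower() in SENSITIVE_HEADERS:
                    headers[name] = REDACTED
    return scrubbed


# Registration, shown as a comment so the example runs without the SDK installed:
# sentry_sdk.init(dsn=DSN, send_default_pii=False, before_send=scrub_event)

SAMPLE_EVENT = {
    "event_id": "constructed",
    "level": "error",
    "request": {
        "url": "https://api.example.test/v1/transactions",
        "method": "POST",
        "headers": {
            "Authorization": "Bearer tf_abc.secret",
            "Content-Type": "application/json",
            "Cookie": "session=constructed",
        },
        "data": '{"amount": "42.17", "merchant": "Blue Bottle Coffee"}',
    },
}

if __name__ == "__main__":
    print(scrub_event(SAMPLE_EVENT)["request"])
```

Removing the body outright, rather than trying to redact amount fields inside it, is the safer choice: a redaction regex has to know every shape the body can take, and a missed field is a leak.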
Infrastructure Security
HTTPS-only communication (HSTS enforced)
CORS origins restricted to production and development domains
Rate limiting on signup and waitlist endpoints to prevent abuse
Stripe webhook signature verification to prevent spoofing
X-Frame-Options: DENY and X-Content-Type-Options: nosniff headers
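The Stripe webhook signature check in the list above, written out as an added example rather than TreasuryFlow's own handler. Stripe sends a Stripe-Signature header of the form t=<unix timestamp>,v1=<hex HMAC-SHA256 of "<timestamp>.<raw body>"> keyed with the endpoint secret; the Stripe SDK's Webhook.construct_event does this check, and the stdlib version here makes the steps visible. The secret, payload and timestamp are constructed.

```python
# Added example, not TreasuryFlow's own code. Secret and payload are constructed.
import hashlib
import hmac
import time
from typing import Optional, Tuple

DEFAULT_TOLERANCE = 300  # seconds; the Stripe SDK's default replay window


def _signature(secret: str, timestamp: int, payload: bytes) -> str:
    # The signed string is "<timestamp>.<raw body>"; the body must be the exact bytes
    # received, not a re-serialised JSON, or the HMAC will not match.
    signed_payload = f"{timestamp}.".encode("utf-8") + payload
    return hmac.new(secret.encode("utf-8"), signed_payload, hashlib.sha256).hexdigest()


def make_signature_header(secret: str, timestamp: int, payload: bytes) -> str:
    """Build the header Stripe would send; used here only to construct fixtures."""
    return f"t={timestamp},v1={_signature(secret, timestamp, payload)}"


def check_stripe_signature(payload: bytes, header: Optional[str], secret: str,
                           now: Optional[int] = None,
                           tolerance: int = DEFAULT_TOLERANCE) -> Tuple[bool, str]:
    """Return (ok, reason). Reject before parsing the body if anything is off."""
    if not header:
        return False, "missing header"
    timestamp = None
    candidates = []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t":
            try:
                timestamp = int(value)
            except ValueError:
                return False, "bad timestamp"
        elif key == "v1":
            candidates.append(value)
    if timestamp is None or not candidates:
        return False, "malformed header"
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > tolerance:
        return False, "timestamp outside tolerance"  # replayed or very delayed delivery
    expected = _signature(secret, timestamp, payload)
    # More than one v1 value appears while an endpoint secret is being rotated;
    # any one matching is sufficient. compare_digest keeps the comparison constant-time.
    for candidate in candidates:
        if candidate.isascii() and hmac.compare_digest(expected, candidate):
            return True, "ok"
    return False, "signature mismatch"


if __name__ == "__main__":
    secret = "whsec_constructed_example"
    body = b'{"id":"evt_1","type":"checkout.session.completed"}'
    ts = 1_700_000_000
    hdr = make_signature_header(secret, ts, body)
    print(check_stripe_signature(body, hdr, secret, now=ts + 10))
    print(check_stripe_signature(body + b" ", hdr, secret, now=ts + 10))
```

The ordering matters in a handler: verify the signature and timestamp on the raw bytes first, and only then json-decode the body and act on the event type.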
Responsible Disclosure
If you discover a security vulnerability, please report it to security@pantollventures.com.
We will respond within 48 hours and work with you to address the issue promptly.