Trust & Security
Your financial data deserves the same rigor you bring to earning it.
Bank-grade encryption. SOC 2-ready practices. Full transparency about how your data is stored, processed, and protected.
Infrastructure
How we protect your data
Encryption everywhere
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Your Plaid access tokens are stored in Supabase Vault — a dedicated secrets manager — never in application tables.
Row-level security
Every database query is scoped to your account using Postgres row-level security policies. Even if our application code had a bug, the database itself prevents cross-user data access.
Multi-factor authentication
Enable TOTP-based two-factor authentication from your account settings. Your session tokens are short-lived and automatically rotated.
Minimal data retention
We store only what we need to power your dashboard. When you delete your account, your data is purged within 30 days — including from backups.
Artificial Intelligence
AI that respects your privacy
Lisle uses AI to surface insights — not to harvest your data. Here's exactly how it works.
Monthly summaries only
Our AI assistant never sees your individual transactions. We aggregate your data into monthly category summaries before sending anything to the model.
No training on your data
Your financial data is never used to train AI models. We use Anthropic's Claude with zero-retention API agreements — your prompts and responses are not stored by the model provider.
Transparent about what AI does
Every AI-generated insight is clearly labeled. We publish a full AI Disclosure explaining exactly how models are used, what data they receive, and what they don't.
Compliance
Built to institutional standards
SOC 2
Ready practices
AES-256
Encryption at rest
TLS 1.2+
Encryption in transit
CCPA / CPRA
California privacy
Our Commitments
What we will never do
- ✕ Sell your data to advertisers or data brokers
- ✕ Share your financial information with third parties for marketing
- ✕ Store your bank login credentials — Plaid handles authentication directly
- ✕ Use your data to train AI models
- ✕ Access your accounts without your explicit connection via Plaid
Your Data
You're in control
Export your data
Download a complete copy of everything we store about you, anytime.
Delete your account
One click to request full deletion. 30-day grace period, then permanent removal.
Opt out of behavioral analysis
Turn off proactive insights and spending pattern analysis from your privacy settings.
California privacy rights
Full CCPA/CPRA compliance — right to know, right to delete, and Global Privacy Control signal support.
Infrastructure
Backed by industry-leading infrastructure
We build on platforms that hold their own SOC 2 certifications so our security posture starts from a verified foundation.
Plaid
Bank connections
SOC 2 Type II certified. Handles bank authentication so we never see your credentials.
Supabase
Database & auth
SOC 2 Type II certified. Postgres with row-level security and Vault for secrets management.
Anthropic
AI assistant
Zero-retention API. Your data is never stored or used for model training.
Vercel
Hosting
SOC 2 Type II certified. Edge network with automatic TLS and DDoS protection.
Have a security question or want to report a vulnerability?
security@lisle.ai