🔒 Security & Encryption
Your financial privacy is our priority. We built JustinsEnvelopeBudgeting.com with server-side field-level encryption that keeps your sensitive financial information private and secure.
Why Encryption Matters for Budgeting Apps
Other budgeting applications might store your financial data in plain text on their servers. This means:
- Employees can read your transaction details and spending patterns
- Data breaches expose your complete financial history in readable form
- Your private account names and payee information are visible to support staff
- Government requests can access all your financial information directly
We encrypt your sensitive data so even we can't read your private financial details.
Our Server-Side Encryption Architecture
How Your Data Stays Private
1. Session Login: Your password creates a unique server-side encryption key for your session
2. Field Encryption: Sensitive data fields are encrypted on our servers using your session key
3. Database Storage: We store encrypted data that appears as meaningless text to anyone with database access
4. Session Security: Your encryption key expires automatically and is never permanently stored
What Gets Encrypted
✅ Encrypted Fields (We Can't Read These)
- Account names and descriptions
- Transaction descriptions and payee names
- Envelope (category) names and notes
- Personal notes and comments
- Import data and transaction details
🔢 Visible to Us (Required for Service Function)
- Financial amounts and balances (numbers only, no context)
- Transaction dates and timestamps
- Account creation and login times
- Session tokens (temporary, automatically expire)
🚫 We Don't Even Know
- Your email address (stored encrypted)
- What your accounts represent (encrypted names)
- Who you pay money to (encrypted payees)
- What you spend money on (encrypted descriptions)
- Your budgeting categories (encrypted envelope names)
Technical Security Specifications
Server-Side Encryption: AES-256-GCM (Advanced Encryption Standard)
Key Derivation: PBKDF2 with SHA-256 (100,000 iterations)
Session Security: Cryptographically secure random tokens
Transport Security: HTTPS/TLS with secure headers
Password Hashing: BCrypt with salt (industry standard)
Database: Encrypted field storage with secure connections
Why AES-256-GCM Server-Side Encryption?
- Military Grade: Same encryption used by government agencies for classified information
- Authenticated Encryption: Prevents tampering and ensures data integrity
- Session-Based Keys: Encryption keys derived from your password, expire automatically
- Database Protection: Even database administrators can't read your private data
Comparison with Other Budgeting Apps
| Security Feature |
JustinsEnvelopeBudgeting.com |
Most Competitors |
| Sensitive field encryption |
✓ AES-256-GCM |
✗ Plain text storage |
| Account names readable by staff |
✓ Encrypted, unreadable |
✗ Fully visible |
| Transaction descriptions visible |
✓ Encrypted, private |
✗ Staff can read everything |
| Data breach protection |
✓ Sensitive data encrypted |
✗ All data exposed |
| Email address privacy |
✓ Encrypted in database |
✗ Stored in plain text |
| Support staff data access |
✓ Only numbers, no context |
✗ Full financial history |
Privacy vs. Support Balance
What This Means for Support: Because we encrypt your sensitive data, our support capabilities are intentionally limited:
- Account Details: We can see you have accounts but not what they represent
- Transaction Issues: We can see amounts and dates but not payees or descriptions
- Category Problems: We can see you have budget categories but not their names
- Password Recovery: If you forget your password, encrypted data cannot be recovered
We believe protecting your financial privacy is worth these support limitations, but please keep your password secure!
Session Security
Automatic Protection
- Session Expiration: Automatic logout after 24 hours of inactivity
- Secure Tokens: Cryptographically secure session identifiers
- Key Management: Encryption keys exist only during your active session
- Auto-Cleanup: Keys automatically expire and are removed from memory
Infrastructure Security
- Database Security: Encrypted connections and access controls
- Server Hardening: Regular security updates and monitoring
- Network Security: Firewalls and intrusion detection systems
- Backup Security: Encrypted backups with restricted access
Real-World Example
Here's what we can and cannot see in our database:
What Our Database Shows Us
Your Transaction: "Paid $45.67 to grocery store for weekly shopping"
What We See:
- Amount: $45.67 ✓
- Date: 2025-01-15 ✓
- Payee: "k2x9mP4qR..." (encrypted gibberish)
- Description: "A7bN8kL3..." (encrypted gibberish)
- Account: "9zQw5eR1..." (encrypted gibberish)
We can help with amount discrepancies or date issues, but we have no idea what you bought or where you spent your money!
Responsible Security Practices
Security Questions?
We welcome questions about our security implementation. For security-related inquiries, please contact us at:
Email: justin@jrtstudio.com
For responsible disclosure of security vulnerabilities, please use the same contact method. We appreciate security researchers who help keep our users safe.
Bottom Line: Your sensitive financial data is encrypted with military-grade AES-256 encryption. Even if our database were compromised, attackers would see only meaningless encrypted text instead of your private account names, payees, and transaction details.
← Back to Privacy Policy