Auravest stores financial data on infrastructure in the AWS Sydney region, encrypted at rest with AES-256. Traffic between your browser and the server is encrypted in transit with TLS 1.3.
What we have
- Your account email and a password hash (not the password itself).
- Your assets, liabilities, transactions, goals, and profile fields.
- For Up Bank integrations: an encrypted Personal Access Token you supplied. We use it only to call Up's API on your behalf.
What we don't have
- Your bank login passwords. We never see them and have no way to retrieve them.
- The ability to move money out of any connected account. All connections are read-only.
- The ability to log into your bank's website.
Where data is sent
Your data is processed in AWS Sydney. When you use the AI assistant, the relevant excerpts of your data (your question and the dashboard context needed to answer it) are sent to the AI provider over an encrypted connection. Under our contract with that provider, your data is not used to train their public models.
Compliance
We operate under Australia's Privacy Act 1988 (Cth) and follow the Australian Privacy Principles (APPs). Detail on the legal basis for processing, retention, and your rights as a data subject is in the Privacy Policy.
Reporting a security issue
If you believe you've found a vulnerability, email [email protected]. We'll acknowledge within two business days.