Security and Access Control
Last updated March 2026. This page summarizes the controls GreenLightBudget uses to protect data.
Access control
Access to operational systems is limited to authorized administrators. Application access is authenticated, and customer data is restricted by household using database row-level security controls.
Authentication and credentials
GreenLightBudget uses authenticated sessions for app access. Administrative systems are intended to be protected by individual accounts and multi-factor authentication where available.
Encryption
Data is transmitted over HTTPS/TLS. Plaid access tokens are encrypted at rest before being stored. GreenLightBudget does not store customer banking credentials directly.
Infrastructure providers
GreenLightBudget relies on Vercel for hosting, Supabase for database and authentication, and Plaid for financial data access.
Vulnerability and patching approach
Dependencies and infrastructure settings are reviewed and updated as part of ongoing development and maintenance. Formal third-party security certification and testing may be added as the product matures.
Contact
Security questions can be directed to sean@seanduran.com.