Infrastructure & Hosting

Rizqly.app utilizes a modern, serverless architecture that relies on industry titans for physical and network security.

• Google Cloud Platform (GCP): Our backend services run on Google's secure infrastructure. Google data centers feature a layered security model, including custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, and metal detectors. GCP is certified for ISO 27001, SOC 2/3, and PCI DSS.
  Read about Google Cloud Security →
• Netlify: Our frontend application is deployed via Netlify's global Edge network. Netlify provides automated DDoS protection, continuous deployment with immutable builds, and SOC 2 Type II compliance.
  Read about Netlify Security →

Data Handling & Storage

Free (Basic) Plan: All data is stored exclusively in your browser’s local IndexedDB storage. Nothing is transmitted to our servers. Your financial data never leaves your device.

For users on our Standard and Premium plans, data synchronization is handled by Google Firebase.

• Encryption at Rest: All user data stored in our Cloud Firestore database is automatically encrypted using AES-256 standards.
• Encryption in Transit: All data transmitted between your device (browser/mobile) and our servers is encrypted using TLS 1.2+ (Transport Layer Security).
• Row-Level Security (RLS): We utilize robust Firestore Security Rules to enforce strict access control. This ensures that a user can only read and write data that belongs to their specific User ID.
  Learn more about Firebase Privacy & Security →

Automated Deletion as a Security Feature

To minimize the risk of data breaches, Rizqly limits the duration of cloud storage. By enforcing a 67-day maximum retention policy for expired accounts (30-day trial + 7-day grace + 30-day buffer), we ensure that sensitive financial history is returned to the user's local control. If the data is not on our servers, it cannot be accessed by unauthorized parties.

Learn more about Firebase Privacy & Security →

Identity & Authentication

We do not store your passwords. Rizqly.app leverages Google Identity Platform for secure authentication across all plans (Free, Standard, and Premium).

• Google SSO (Single Sign-On): We encourage users to sign up using their Google Accounts. This delegates authentication to Google, meaning we never touch your credentials. You benefit from Google's advanced risk analysis and 2-Factor Authentication (2FA).
• Secure Token Exchange: Once authenticated, your device receives a short-lived ID token used to authorize API requests. This token is refreshed automatically and securely.

Read about Google Identity Platform →

Bank Integration (Upcoming)

For Premium users, we will integrate with Plaid, the industry leader in financial data connectivity, to sync your bank transactions.

• No Credential Storage: When you link a bank account, you enter your credentials directly into a secure iframe provided by Plaid. Rizqly.app never sees, processes, or stores your bank username or password.
• Tokenization: We exchange your successful login for a secure access_token. This token allows us read-only access to your transaction data.
• Compliance: Plaid is certified SOC 2 Type II and is trusted by major financial apps like Venmo, Chime, and TransferWise.

Read about Plaid's Safety Measures →

Your Role in Security

While we secure the infrastructure, keeping your account safe is a partnership:

• Secure Devices: Ensure your computer and mobile devices are protected by a passcode or biometric lock.
• Google Account Security: Since we use Google SSO, keeping your Google account secure (e.g., enabling 2-Step Verification) automatically secures your Rizqly.app account.
• Public Computers: Always log out when accessing your financial data from a public or shared computer.