Privacy & Security
Your financial data security is our top priority. Here's how we protect your information.
Data Encryption
- Encryption at Rest: All data is stored in a PostgreSQL database (powered by Neon) with encryption at rest provided by the database infrastructure
- Encryption in Transit: All connections use HTTPS/TLS encryption provided by Replit's hosting infrastructure to protect data as it moves between your browser and our servers
- Secure Sessions: Your login sessions use HttpOnly, Secure, and SameSite cookies configured in the application to prevent session hijacking and XSS attacks
Complete Data Isolation
- User-Specific Access: Every financial record (income, expenses, receipts) is linked to your unique user ID
- No Cross-User Access: Users cannot access, view, or modify other users' data through the application
- Authenticated Access Only: All financial data requires authentication - unauthenticated users are redirected to login
Security Protections
- CSRF Protection: Flask-WTF CSRF protection is enabled to prevent unauthorized form submissions from malicious websites
- Rate Limiting: Flask-Limiter enforces default limits of 200 requests/day and 50 requests/hour, with stricter limits on sensitive endpoints, to protect against brute-force attacks
- Input Validation: User inputs are validated (e.g., tax year ranges, date parsing) to prevent common issues
- Secure File Uploads: Receipt uploads are validated by file extension (PNG, JPG, JPEG only) and stored with secure filenames to prevent path traversal attacks
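As an added illustration of the upload checks listed above (extension allowlist, safe filename, path containment), not the application's own code: the sanitiser is a simplified stand-in for werkzeug's secure_filename, and the upload root and per-user directory layout are assumptions.

```python
"""Receipt-upload filename checks: extension allowlist, filename sanitising and
path containment. Added example, not the application's own code; the sanitiser
is a simplified stand-in for werkzeug.utils.secure_filename (assumption)."""
import os
import re
from pathlib import Path
from typing import Optional

ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg"}  # allowlist stated on the page
UPLOAD_DIR = Path("uploads")                 # assumed upload root (placeholder)


def allowed_file(filename: str) -> bool:
    """True only if the text after the LAST dot is an allowlisted extension,
    so 'receipt.png.exe' is rejected while 'RECEIPT.PNG' is accepted."""
    if "." not in filename:
        return False
    return filename.rsplit(".", 1)[1].lower() in ALLOWED_EXTENSIONS


def safe_filename(filename: str) -> str:
    """Keep only the basename, replace any character outside [A-Za-z0-9._-]
    with '_' and drop leading dots, so '../../x' and '..hidden' cannot escape
    or hide. Simplified stand-in for secure_filename."""
    name = filename.replace("\\", "/").split("/")[-1]  # discard directory parts
    name = re.sub(r"[^A-Za-z0-9._-]+", "_", name)
    return name.lstrip(".")


def resolve_upload_path(user_id: int, filename: str) -> Optional[Path]:
    """Return where a user's receipt may be written, or None if rejected.
    Files live under a per-user directory (assumed layout) so one user's
    receipts stay isolated from another's."""
    if not allowed_file(filename):
        return None
    name = safe_filename(filename)
    # Re-check after sanitising: '..png' sanitises to 'png', which has no extension
    if not name or not allowed_file(name):
        return None
    user_root = (UPLOAD_DIR / str(user_id)).resolve()
    target = (user_root / name).resolve()
    # Defence in depth: the final path must still sit inside the user's folder
    if os.path.commonpath([user_root, target]) != str(user_root):
        return None
    return UPLOAD_DIR / str(user_id) / name
```

The extension check only inspects the name; it does not confirm that the uploaded bytes are actually a PNG or JPEG, so content validation is a separate step.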
Transparency & Admin Access
We believe in complete transparency about data access:
- Database Access: System administrators have technical access to the database for maintenance, backups, and troubleshooting
- Privacy Commitment: We do not access, view, or analyze individual user data unless required for technical support with your explicit permission
- No Data Selling: We never sell, share, or monetize your financial data with third parties
- Support Access: If you request technical support, we may ask permission to access your specific data to resolve issues
Authentication & Access Control
- OAuth Integration: Secure authentication through Replit OAuth supporting Google, GitHub, and email login
- Session Management: Persistent sessions with secure cookie configuration; authentication is managed through Replit OAuth's token system
- Password Security: We don't store passwords - authentication is delegated to trusted OAuth providers (Google, GitHub, Replit)
What Data We Store
- Account Information: Email, name, and profile details from your OAuth provider
- Financial Records: Income, expenses, tax calculations, and uploaded receipts you provide
- User Preferences: State, filing status, tax reminder settings, and app preferences
- Usage Data: Login times and session information for security purposes
Your Data Rights
- Data Export: Download all your financial data in CSV format at any time
- Data Deletion: You can delete individual records or request complete account deletion
- Data Portability: Your data is yours - export it whenever needed for tax filing or personal records
- Update Access: Modify or correct any of your financial information at any time
Questions About Your Data?
If you have questions about how we protect and use your data, or if you'd like to exercise any of your data rights, please contact us.
Last Updated: January 2025