End-to-End Encrypted Personal Finance

There is no such thing as perfect security, but we aim to get as close as humanly possible and to be more secure than industry standards. Thoughtful's encryption model isn't perfect, but we think it's better than the competition.

How our E2E encryption works

Thoughtful uses end-to-end AES-256 encryption with TLS to secure your transaction and account data. Your data is encrypted on your phone using a secret key that stays on your phone and is never sent to the server. Once it's encrypted, it is impossible to decrypt the data without the key. This means that nobody but you can access your data, not even employees at Thoughtful. If you link your bank account to automatically import transaction data, encryption works slightly differently - keep reading.

How our E2E encryption works with linked bank accounts

To make your life as easy as possible, we can optionally auto-import your transaction data from your bank accounts using our third party provider, Plaid - a well-established, secure, finance authority which meets all industry standards. When you connect an account, we are granted permission to access your data through Plaid. Transaction and account data is then sent to our servers over a secure TLS connection which we immediately encrypt using hybrid AES-256/RSA public-key cryptography so that you can decrypt it but we can't.

We store access tokens in order to authenticate with Plaid, which themselves are encrypted. We need to store access tokens in order to automatically import your latest transactions when they post to your accounts. By keeping access tokens on our servers we retain access to your data via Plaid but we immediately lose access when you unlink the account and any modifications that you make to your transactions after they are imported such as splitting, renaming, or recategorizing, are invisible to us.

Why this is better than traditional security

The vast majority of applications, including other personal finance applications, use HTTPS (HTTP over TLS) to encrypt your raw data while it is sent over the internet, which is good, but it does not prevent company employees from viewing your data and unfortunately it leaves your data vulnerable if their databases were ever to be exposed.

With data breaches becoming more frequent, we find this concerning. While there is no such thing as perfect security, the best way to prevent your data from being exposed in a breach is to encrypt it before it leaves your hand.