FreeBudget Security Policy

Effective Date: 1/1/2025
Last Updated: 7/1/2025

At FreeBudget, the privacy and security of our users’ data is a top priority. This summary outlines our key security practices to safeguard personal and financial information.

1. Data Encryption

  • All data in transit is encrypted using TLS 1.2 or higher
  • All data at rest is encrypted using AES-256 via MongoDB Atlas

2. Authentication & Access Control

  • User authentication is secured via login credentials and JWT (JSON Web Tokens)
  • Session integrity is protected with CSRF (Cross-Site Request Forgery) protection and refresh tokens
  • Access to production systems is restricted via two-factor authentication (2FA) and role-based access controls

3. Infrastructure Security

  • Applications are hosted on modern cloud platforms (e.g., Render, Vercel)
  • Production environments use immutable containers with minimal external exposure
  • Security headers and firewall rules are enforced through application-level middleware

4. Monitoring & Incident Response

  • Real-time error tracking and anomaly detection are managed through Sentry
  • System traffic is monitored for suspicious behavior
  • We maintain an Incident Response Plan to address security issues swiftly and transparently

5. Vendor Management

  • We use reputable third-party services with strong security track records
  • Vendors such as Plaid, MongoDB, Google, and HubSpot are reviewed for compliance and data handling standards

6. User Responsibilities

We encourage users to:

  • Use strong, unique passwords
  • Keep login credentials confidential
  • Report any suspicious activity to support@freebudget.org

7. Contact

If you have questions about our security practices or believe your account may have been compromised, please contact us: