Security at WorthIQ

You're trusting us with your financial data. We take that seriously. Here's exactly how we protect it.

256-bit Encryption

All data is encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256. The same standard used by financial institutions and government agencies.

Plaid-Powered Connections

We never see or store your banking credentials. Plaid — trusted by thousands of apps and millions of users — handles all authentication directly with your bank.

Read-Only Access

WorthIQ has read-only access to your accounts. We can see balances and transactions — we cannot move money, make payments, or initiate any transactions whatsoever.

No Credential Storage

Your bank username and password never touch WorthIQ's servers. Authentication happens entirely within Plaid's secure infrastructure.

Secure Infrastructure

WorthIQ runs on Railway's managed cloud infrastructure. Production database access requires multi-factor authentication and is restricted to authorized personnel only.

Revoke Anytime

You can disconnect any linked financial account at any time from the app. Disconnecting immediately revokes WorthIQ's access to that account's data.

Powered by Plaid

Your credentials stay with your bank

WorthIQ uses Plaid, the industry standard for financial data connectivity. Plaid is trusted by thousands of apps — including Venmo, Robinhood, and Coinbase — and connects to over 12,000 financial institutions.

When you link an account, you authenticate directly with your bank through Plaid's secure interface. WorthIQ only receives a read-only access token — never your credentials.

Learn about Plaid's security →
12,000+ supported financial institutions
Read-only access tokens — no write permissions
Direct bank authentication — WorthIQ never sees your password
Trusted by millions of users across thousands of apps

Common questions

Can WorthIQ make transactions on my behalf?

No. WorthIQ has strictly read-only access to your accounts. We can view balances and transaction history, but we cannot move money, make purchases, or initiate any transactions of any kind.

Does WorthIQ store my bank login credentials?

Never. Your banking username and password are only ever entered into Plaid's secure interface. They never pass through WorthIQ's servers or get stored in our database.

What happens to my data if I delete my account?

When you delete your account, all your personal data — including linked account data and transaction history — is permanently deleted from our systems within 30 days.

Who at WorthIQ can access my financial data?

Access to production data is restricted to a small number of authorized engineers and requires multi-factor authentication. We do not sell, share, or monetize your financial data.

Is WorthIQ safe to use with my primary bank account?

Yes. Because access is read-only via Plaid, there is no mechanism for any party to initiate transactions. Your money is always safe. Millions of people use Plaid daily with their primary financial institutions.

How is the Sage AI powered, and is my data safe with it?

Sage is powered by Anthropic's Claude API. When you request insights, a summary of your financial context is sent to Anthropic. We do not send raw credentials or account numbers. Anthropic's API does not use your data to train their models.

Found a security issue?

We take security reports seriously. If you've discovered a vulnerability, please disclose it responsibly by emailing us directly.

worthiq2026@gmail.com