Information Security Policy
Version 1.0 · Effective date: May 15, 2026 · Last reviewed: May 15, 2026
Owner: Antwone Johnson · Reviewed annually or upon material change
1. Purpose and Scope
This Information Security Policy establishes the security controls, practices, and responsibilities that govern the Budget Silos mobile application and its supporting infrastructure. It covers all data processed or stored by Budget Silos, including user account data, financial transaction data, and authentication credentials.
2. Access Control Policy
Access to systems and data is granted on a least-privilege basis. The following controls are in place:
- All API endpoints require a valid Bearer JWT issued by Supabase Auth. No endpoint is accessible without authentication.
- Users can only access their own data — all database queries are scoped to the authenticated user's ID.
- Administrative access to Supabase, Vercel, and Plaid dashboards is restricted to the sole operator (Antwone Johnson).
- Multi-factor authentication (MFA) is enabled on all administrative accounts: Supabase, Vercel, Plaid, and Apple Developer.
- Third-party service access follows the principle of least privilege — each service is granted only the permissions it requires.
3. Authentication and Token Security
Budget Silos uses industry-standard token-based authentication throughout:
- User sessions are managed via Supabase Auth using signed JWTs with expiration.
- All communication between the iOS client and server occurs over HTTPS/TLS. No unencrypted connections are permitted.
- Plaid access tokens are stored encrypted on the server and are never transmitted to or stored on user devices.
- Bank credentials (username and password) are handled exclusively by Plaid and never pass through Budget Silos infrastructure.
- TLS certificates are managed by Vercel and Supabase and automatically renewed before expiration.
4. Zero Trust Architecture
Budget Silos follows a zero trust model: no request is trusted implicitly, regardless of origin.
- Every API request is authenticated by verifying the Bearer JWT with Supabase's auth service before any data is accessed or returned.
- There are no internal network trust boundaries — all service-to-service calls are authenticated.
- Session tokens have a limited lifetime and must be refreshed; expired tokens are rejected outright.
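The following Express-style Node.js middleware is an added illustration of the access-control and zero-trust rules in sections 2 and 4; it is not Budget Silos' own code. The verifier function passed to requireAuth is an assumption standing in for the Supabase Auth check (in a real server it would wrap supabase.auth.getUser(token)), and the in-memory db object is a constructed stand-in for the scoped database queries.

```javascript
// Added example (not Budget Silos' code): gate every request on a Bearer JWT and
// make the verified user id the mandatory filter for all data access.
// `verifyToken` is an injected async function (assumption) that returns
// { id } for a valid token and null otherwise; production code would call
// supabase.auth.getUser(token) here.

// Extract the token from an Authorization header. Anything that is not exactly
// "Bearer <token>" yields null, so a missing or malformed header fails closed.
function parseBearer(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const parts = headerValue.trim().split(/\s+/);
  if (parts.length !== 2 || parts[0].toLowerCase() !== 'bearer' || parts[1] === '') return null;
  return parts[1];
}

// Build the middleware. No endpoint behind it is reachable without a token that
// the identity provider accepts; on success the user id travels on req.userId.
function requireAuth(verifyToken) {
  return async function (req, res, next) {
    const token = parseBearer(req.headers['authorization']);
    if (!token) return res.status(401).json({ error: 'missing bearer token' });
    try {
      const user = await verifyToken(token);
      if (!user || !user.id) return res.status(401).json({ error: 'invalid token' });
      req.userId = user.id;
      return next();
    } catch (err) {
      // Verifier errors (network, expired signature) are treated as "not trusted".
      return res.status(401).json({ error: 'invalid token' });
    }
  };
}

// Data access requires the verified user id; there is no code path that returns
// another user's rows because the filter is not optional.
function listTransactions(db, userId) {
  if (!userId) throw new Error('userId is required');
  return db.transactions.filter((t) => t.user_id === userId);
}

// Minimal response stub so the middleware can be exercised without Express.
function fakeResponse() {
  const res = { statusCode: 200, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (obj) => { res.body = obj; return res; };
  return res;
}

// Stand-alone demo with a constructed verifier and database.
if (typeof require !== 'undefined' && require.main === module) {
  const verify = async (t) => (t === 'good-token' ? { id: 'user-1' } : null);
  const db = { transactions: [{ id: 1, user_id: 'user-1' }, { id: 2, user_id: 'user-2' }] };
  const req = { headers: { authorization: 'Bearer good-token' } };
  requireAuth(verify)(req, fakeResponse(), () => {
    console.log('authenticated as', req.userId, listTransactions(db, req.userId));
  });
}
```

The middleware never consults a network origin or an internal allow-list: the only input that grants access is a token the identity provider vouches for, which is the practical meaning of "no request is trusted implicitly".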
5. Data Protection and Encryption
- All data is encrypted at rest within Supabase's managed PostgreSQL database.
- All data in transit is encrypted using TLS 1.2 or higher.
- Plaid access tokens are stored at the database level and are not returned in any API response.
- No sensitive financial data (account numbers, routing numbers) is stored by Budget Silos.
6. Data Retention and Deletion Policy
Budget Silos retains user data only for as long as the user's account remains active.
| Data type | Retention period | Deletion method |
|---|---|---|
| User account | Until account deletion | Automated via Supabase Auth admin API |
| Transaction data | Until account deletion | Cascade delete on account removal |
| Plaid access tokens | Until bank disconnected or account deleted | Removed from database on disconnect or account deletion |
| Authentication logs | Managed by Supabase (30 days) | Automatic |
Users may delete their account and all associated data at any time from within the app (Settings → Delete Account). Deletion is immediate and permanent.
7. Vulnerability Management and Patching
- An automated daily security audit script runs npm audit against all server dependencies and alerts the operator via email if high or critical vulnerabilities are detected.
- Critical vulnerabilities are remediated within 7 days of discovery.
- High vulnerabilities are remediated within 30 days of discovery.
- Moderate and low vulnerabilities are reviewed monthly and addressed in the next scheduled update.
- The server runtime (Node.js) is kept on a current LTS release. End-of-life versions are upgraded within 30 days of EOL announcement.
- iOS app dependencies are reviewed at each release cycle.
8. End-of-Life (EOL) Software Policy
Budget Silos monitors the lifecycle status of all runtime and framework dependencies:
- Node.js is kept on a current LTS version. Migration to the next LTS is completed within 30 days of the current version reaching EOL.
- npm packages are checked weekly via the automated audit script. Packages no longer maintained are evaluated for replacement.
- The iOS app targets a current iOS SDK version. Deprecated APIs are removed at each major release.
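The script below is an added illustration of the automated dependency check described in sections 7 and 8, not Budget Silos' own audit script. It assumes the npm 7+ report format (auditReportVersion 2, a vulnerabilities map plus metadata counts) and takes a caller-supplied notify function as a stand-in for the policy's email alert; SAMPLE_REPORT is a constructed report so the triage runs offline.

```javascript
// Added example (not Budget Silos' script): run `npm audit --json`, attach the
// policy's remediation deadlines to each finding, and alert only on high or
// critical severity. Assumes the npm 7+ JSON report format.

// Remediation windows in days as stated in the policy; moderate and low have no
// fixed deadline (reviewed monthly), so they carry no due date.
const SLA_DAYS = { critical: 7, high: 30, moderate: null, low: null, info: null };
const SEVERITY_RANK = { critical: 0, high: 1, moderate: 2, low: 3, info: 4 };

// Run npm audit in projectDir and parse the report. npm exits non-zero when it
// finds vulnerabilities, so the JSON has to be recovered from the error's stdout.
function runAudit(projectDir) {
  const { execFileSync } = require('child_process');
  try {
    return JSON.parse(execFileSync('npm', ['audit', '--json'], { cwd: projectDir, encoding: 'utf8' }));
  } catch (err) {
    if (err.stdout) return JSON.parse(err.stdout);
    throw err;
  }
}

// Reduce a report to findings with a policy due date computed from asOf.
function triage(report, asOf = new Date()) {
  const vulns = report.vulnerabilities || {};
  return Object.values(vulns).map((v) => {
    const days = SLA_DAYS[v.severity];
    const due = days == null ? null : new Date(asOf.getTime() + days * 86400000);
    return {
      name: v.name,
      severity: v.severity,
      isDirect: Boolean(v.isDirect),
      fixAvailable: Boolean(v.fixAvailable),
      dueBy: due ? due.toISOString().slice(0, 10) : null,
    };
  });
}

// The policy's alert threshold: only high or critical findings page the operator.
function shouldAlert(findings) {
  return findings.some((f) => f.severity === 'high' || f.severity === 'critical');
}

// Plain-text alert body, most severe first.
function formatAlert(findings) {
  const lines = findings
    .filter((f) => f.severity === 'high' || f.severity === 'critical')
    .sort((a, b) => SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity])
    .map((f) => `${f.severity.toUpperCase()} ${f.name}${f.isDirect ? ' (direct)' : ''}` +
                ` fix available: ${f.fixAvailable ? 'yes' : 'no'}; remediate by ${f.dueBy}`);
  return `npm audit found ${lines.length} finding(s) requiring action:\n${lines.join('\n')}`;
}

// Apply the policy to one report; notify(subject, body) is the alert transport.
function processReport(report, notify, asOf = new Date()) {
  const findings = triage(report, asOf);
  const alerted = shouldAlert(findings);
  if (alerted) notify('Daily dependency audit: action required', formatAlert(findings));
  return { alerted, findings };
}

// Daily entry point: audit the server project and apply the policy.
function dailyAudit(projectDir, notify) {
  return processReport(runAudit(projectDir), notify);
}

// Constructed sample report in the npm 7+ shape, for stand-alone runs.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': { name: 'example-parser', severity: 'high', isDirect: true, fixAvailable: true },
    'example-logger': { name: 'example-logger', severity: 'low', isDirect: false, fixAvailable: false },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 0, total: 2 } },
};

if (typeof require !== 'undefined' && require.main === module) {
  processReport(SAMPLE_REPORT, (subject, body) => console.log(subject + '\n' + body),
                new Date('2026-05-15T00:00:00Z'));
}
```

Recovering the report from a non-zero exit is the detail most home-grown audit scripts get wrong: treating any npm failure as "no output" silently suppresses exactly the runs that matter. Scheduling (cron, a CI job) and the email transport are left to the operator's environment.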
9. Periodic Access Reviews and Audits
- A full review of all administrative account access (Supabase, Vercel, Plaid, Apple Developer) is conducted quarterly.
- The automated daily audit log is reviewed weekly by the operator.
- Third-party service integrations are reviewed annually or when a service announces a material security change.
- This policy is reviewed and re-attested annually.
10. Identity and Access Management (IAM)
Supabase Auth serves as the centralized identity provider for all Budget Silos users:
- User registration, authentication, and session management are handled by Supabase Auth.
- Sign in with Apple is supported as a federated identity option.
- User accounts are provisioned automatically upon sign-up and de-provisioned immediately upon account deletion.
- There are no shared user accounts or service accounts with standing access — all access is user-specific and token-scoped.
11. De-provisioning Policy
User access is revoked immediately upon account deletion. The deletion flow:
- The user initiates deletion from within the app.
- The server calls Supabase's admin API to delete the user record and invalidate all active sessions.
- All associated data (transactions, Plaid tokens, silo configuration) is removed via database cascade.
- Plaid bank connections are de-authorized at the database level.
As a single-operator company, there are no employees to de-provision. If contractors or collaborators are added in the future, their access will be revoked within 24 hours of termination of the working relationship.
12. Incident Response
In the event of a suspected security incident:
- The operator will assess the scope and nature of the incident within 24 hours of discovery.
- Affected users will be notified within 72 hours if their data may have been compromised.
- Plaid and Supabase will be notified immediately if a compromise of their integration credentials is suspected.
- Compromised credentials will be rotated immediately.
13. Policy Changes
This policy is reviewed annually and updated as the Service evolves. Material changes will be reflected in the version number and effective date above. Questions about this policy may be directed to support@budgetsilios.com.