Your financial data, protected like it should be
Tryizzy holds your bank data and tax IDs, so safety comes first, not last. Here is exactly how we protect it, explained in plain English.

Three locks, one after another
- In transit: TLS 1.3 + HSTS
- At rest: AES-256 volumes
- App layer: Tokens + tax IDs re-encrypted
Every row is scoped to one business and enforced by Postgres row-level security, so tenants can never read each other's data.
Six promises, in plain English
You do not need to be technical to know your books are safe. Here is what each protection means for you.

Encrypted in transit
Nobody can read your data on its way to us.
Every connection runs over TLS 1.3, the same encryption your bank uses. Older, weaker protocols are turned off entirely, so the link is always private.

Encrypted at rest
Your data is locked even while it sits still.
Everything we store (databases, backups, and the documents you upload) is encrypted with AES-256. A stolen drive would be unreadable.

A second lock on the sensitive stuff
Bank tokens and tax IDs get encrypted twice.
Your most sensitive fields are encrypted again inside the app, on top of the database encryption. Even someone with database access cannot read them.

Your data is walled off
One business can never see another's books.
Every record is fenced to a single business by row-level security. The database itself blocks any query from crossing into someone else's data.

We never see your bank login
We never touch your bank username or password.
Bank connections go through Plaid, the same service used by major finance apps. You enter your login with Plaid, never with us. We only receive read-only transaction data.

Tight, logged internal access
Our team can only reach what the job needs.
Access to production is limited, granted only when required, and recorded. Sensitive actions land in an audit trail that cannot be edited or erased.
Your data is fenced off, and every action is logged
Two of the controls that matter most, drawn out plainly: tenant isolation and the audit trail.

One database, walled per business
A query for your data physically cannot return another business's rows. The policy lives in the database, not just the application.
An audit trail you can read
- 09:14 AI: Categorized 42 transactions
- 09:31 You: Approved monthly close
- 09:33 System: Exported P&L (PDF)
Sensitive actions are recorded to an append-only log. Entries cannot be edited or deleted after the fact.
What we store, and what we do not
No hand waving. Here is the data that lives in your account, and the data that never touches our servers.
What we store
- Transaction data from connected accounts (read-only)
- Categorizations, ledger entries, and the financial statements we generate
- Documents you upload, such as receipts and statements
- Account and contact details needed to run your service and file returns
- Tax records, retained for 7 years as required by the IRS
What we do not store
- Your bank username or password (handled entirely by Plaid)
- Full card numbers (payment is processed by our PCI-compliant provider)
- Plaintext tax IDs or bank tokens (these are encrypted at the app layer)
- Any data you have asked us to delete, beyond the legal retention window
Where we are, and where we are headed
SOC 2 roadmap (in progress)
We are building toward SOC 2 Type II. Our controls are designed against the Trust Services Criteria from day one.

GDPR and CCPA
You can access, export, and request deletion of your data. We honor data subject requests under both GDPR and CCPA.

Retention and deletion
We delete your data within 30 days of a verified request, except tax records the IRS requires us to keep for 7 years.
Security you can actually verify
Connect a bank and watch the first month categorize itself. One flat plan, no setup fees, no annual contract.
Bank-grade encryption. No credit card to start.
