Security & data handling
Last updated: June 7, 2026
OrientME can hold some of the most sensitive information in your life — your accounts, balances, holdings, and transactions. This page explains, in plain language, how those connections work, what OrientME can and can't do with them, and how your data is protected. It complements our Privacy policy, which covers the full picture of what we collect and why.
You connect your accounts through your own bank or brokerage's login — OrientME never sees or stores that password. The access is read-only: OrientME can show your data but cannot move money or place trades. Your provider credentials are encrypted at rest and in transit, kept isolated per user, and you can disconnect or delete everything at any time.
How account connections work
If you choose to link an account, you authenticate directly with your financial institution through a trusted, regulated data provider — you never give OrientME your bank or brokerage password:
- Banks are connected through a trusted, regulated bank-connection provider. You sign in to your bank inside the provider's secure flow; OrientME receives a connection token plus your account details, balances, and recent transactions — not your bank username or password.
- Brokerages are connected through a trusted brokerage-connection provider. You authorize the brokerage inside the provider's secure flow; OrientME receives your holdings and balances.
You can also track everything entirely manually — add accounts, balances, assets, and debts by hand — without connecting anything at all.
What OrientME can and can't do
| OrientME can | OrientME cannot |
|---|---|
| Read your balances, holdings, and recent transactions | Move, transfer, or withdraw money |
| Show your net worth, cash flow, and portfolio | Place trades or change your accounts |
| Refresh that data on a schedule you control | See or store your bank/brokerage password |
These connections are read-only. They exist only so OrientME can display your own data back to you.
How your data is protected
- Encrypted in transit. All traffic uses HTTPS (TLS), and bank connections use mutual TLS — both sides present a certificate — so data moving between OrientME and your providers is encrypted and authenticated.
- Encrypted at rest. The credentials that keep your accounts connected are encrypted in our database using strong, industry-standard encryption (AES-256), with the encryption key held separately from the data. A copy of the database alone cannot reveal them.
- Isolated per user. Every record is scoped to your account; one user's data is never visible to another.
- Kept out of diagnostics. When we record an error to fix a problem, we deliberately exclude your financial and health data — it is never sent to our error-monitoring tool.
What we never do
- We don't sell your financial data, or share it with insurers, employers, or advertisers.
- We don't show ads or use advertising or behavioral-tracking technology.
- We only send data to a third party when a feature you use requires it — see Who processes your data below.
Staying in control
- Disconnect any linked bank or brokerage at any time from the Finance Connections menu — syncing stops immediately.
- Hide from search — keep finance out of global search with a single toggle.
- Delete all finance data removes every account, holding, asset, debt, cash-flow entry, and snapshot, and disconnects any linked institutions.
- Delete your account permanently removes your data and revokes the provider connections. See Account.
Who processes your data
To run the features you use, a small set of trusted providers may process your data on our behalf:
| Provider | Used for | When |
|---|---|---|
| A bank-connection provider | Connecting bank accounts | Only if you link a bank |
| A brokerage-connection provider | Connecting brokerage accounts | Only if you link a brokerage |
| A third-party AI provider | AI features like holdings analysis | Only when you trigger an AI feature |
| A public market-data source | Public stock and market prices | When refreshing holding prices |
Each receives only what its task needs, and none is used to build advertising profiles or to train on your personal content.
Reporting a security concern
If you believe you've found a security issue, or have a question about how your data is handled, email us at [email protected] and we'll respond promptly.
No online service can promise perfect security. We work to protect your information, limit what each part of the system can access, and stay honest about how it all works.