Security
Your data and privacy
Bank-level encryption, on-device AI, no tracking SDKs, no data sales. The full breakdown.
OneTruth Money is built around a simple promise: your money, your data, never anyone else's.
What we collect
- The accounts you choose to link via Plaid (balances + transactions).
- The bills, notes, documents, and goals you create in the app.
- Your sign-in identifier from Apple, Google, or email (so we know it's you).
- Email address (for transactional emails like security alerts).
What we don't collect
- No third-party analytics SDKs (no Google Analytics, no Mixpanel, no Amplitude, no Segment).
- No advertising SDKs (no Facebook Pixel, no AdMob, no Branch).
- No behavioral tracking. We measure the app's health (crashes, performance), not your actions.
- No "device fingerprinting." Your phone's IDFA is never read.
How it's stored
- Postgres on Supabase, encrypted at rest using AES-256.
- All connections use TLS 1.3 in transit.
- Row-Level Security policies ensure one user can only ever read their own data.
- Backups are encrypted and stored in a different region than the primary.
On-device AI
When the AI assistant can answer your question without leaving the device, it does. Apple Intelligence runs locally on iPhone 15 Pro and newer. For requests that need cloud help, only the question text and the relevant context are sent — never your raw transactions, never your account credentials.
Data export
Settings → Privacy → Export my data generates a single ZIP containing everything we have on you, in human-readable JSON. It is delivered as a one-time-use download link.
Account deletion
Settings → Privacy → Delete my account sends a confirmation email. Clicking through deletes your account and all associated data within 24 hours. We keep nothing in backups beyond 30 days.