Data Privacy & Security

How JE-PFM protects your financial data with encryption, row-level security, and access controls.

Your financial data is sensitive. JE-PFM is designed with multiple layers of protection to keep it private and secure.

No Bank Credentials

JE-PFM never asks for your bank login credentials. Instead, you download OFX/QFX files directly from your bank and upload them yourself. This means there is no stored password or API token that could be compromised to access your bank accounts.

Row-Level Security

All data in JE-PFM is protected by PostgreSQL row-level security (RLS) policies enforced at the database level. These policies ensure that:

  • SELECT queries only return rows belonging to the authenticated user. Requesting another user's data returns an empty result, not an error.
  • INSERT operations require the correct user ID. Attempts to write data under a different user are rejected.
  • UPDATE and DELETE operations silently ignore rows that do not belong to the authenticated user.

This means that even if application code contains a bug, the database itself prevents unauthorized access to your data.
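The three behaviors listed above, written as PostgreSQL policies on Supabase. This is an added example, not JE-PFM's own schema: the table `transactions`, its columns, and the policy names are hypothetical, while `auth.uid()`, `auth.users`, and the `authenticated` role are Supabase's.

```sql
-- Added example: hypothetical table, not JE-PFM's schema.
-- auth.uid() is the Supabase helper that returns the user ID from the session JWT.
create table public.transactions (
  id        bigint generated always as identity primary key,
  user_id   uuid not null default auth.uid()
            references auth.users (id) on delete cascade,
  posted_on date not null,
  amount    numeric(12,2) not null,
  memo      text
);

-- Policies are only enforced once RLS is enabled. FORCE also applies them to the
-- table owner; superusers and roles with BYPASSRLS remain exempt.
alter table public.transactions enable row level security;
alter table public.transactions force row level security;

-- SELECT: rows failing USING are filtered out, so another user's data
-- comes back as an empty result rather than an error.
create policy transactions_select_own on public.transactions
  for select to authenticated
  using (user_id = (select auth.uid()));

-- INSERT: WITH CHECK raises an error if user_id is not the caller's.
create policy transactions_insert_own on public.transactions
  for insert to authenticated
  with check (user_id = (select auth.uid()));

-- UPDATE: USING hides other users' rows (0 rows affected, no error);
-- WITH CHECK stops a caller from reassigning a row to another user.
create policy transactions_update_own on public.transactions
  for update to authenticated
  using (user_id = (select auth.uid()))
  with check (user_id = (select auth.uid()));

-- DELETE: other users' rows are invisible to the statement, so nothing is removed.
create policy transactions_delete_own on public.transactions
  for delete to authenticated
  using (user_id = (select auth.uid()));

-- Audit check: tables in the schema with RLS disabled (expect no rows).
select c.relname
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public' and c.relkind = 'r' and not c.relrowsecurity;
```

Because no policy is granted to any other role, requests that are not authenticated match no policy and are denied by default.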

Authentication

JE-PFM uses Supabase Auth for session management. Sessions are secured with JWTs (JSON Web Tokens) and support:

  • Email and password authentication with configurable password requirements.
  • OAuth sign-in with Google and other providers.
  • Magic link (passwordless) sign-in via email.

All authentication traffic is encrypted with HTTPS.

Data Encryption

  • In transit — all connections between your browser and JE-PFM servers use TLS encryption.
  • At rest — the database is hosted on Supabase infrastructure, which encrypts stored data using AES-256.

Your Data, Your Control

You can export all of your data at any time and delete your account if you choose to leave. When an account is deleted, all associated data is permanently removed from the database.