Skip to content
spaife
Security & privacy

How we protect your data

Spaife handles sensitive financial data, so security and honesty come first. Here's exactly what we do today, who we work with, and what we're still building — no claims we can't back up.

What we do today

The protections in place right now

Encrypted in transit & at rest

Traffic is protected with TLS in transit, and your data is encrypted at rest by our cloud provider.

Read-only connections

When you link an account, Spaife reads records to build your estimate. It can never move your money.

We never sell your data

No selling or renting to data brokers or advertisers — ever. It’s written into our Privacy Policy.

Export & delete anytime

Your records belong to you. Export them, or request deletion of your account and data, whenever you want.

Trusted infrastructure

Built on Google Cloud / Firebase, with provider-managed encryption, access controls, and monitoring.

Secure sign-in

Sign in with Google, Apple, or email. Passwords are managed and hashed by Firebase Authentication — we never store them ourselves.

Who we work with

Subprocessors

The trusted services that help run Spaife. They process data only to provide their service to us, under their own security and data-processing commitments.

Google Cloud / Firebase

Hosting, authentication, database, and file storage

Stripe

Payment processing — card details are handled by Stripe (PCI-DSS), not stored by us

Planned — not yet active

AI provider (e.g. Google Gemini)

Will power optional AI-assisted features — not yet enabled

Account aggregators (e.g. Plaid / Pinwheel)

For read-only account connections — not yet enabled

Your data, your control

You stay in control

  • Export: download your records in a portable format at any time.
  • Deletion: request account deletion and we remove your data from active systems within 30 days (backups within 90).
  • No lock-in: leave whenever you like — your data goes with you.

Full details of what we collect and why are in our .

Report a vulnerability

Found a security issue?

We welcome responsible disclosure. Email security@spaife.com with the details and steps to reproduce. Please give us reasonable time to investigate and fix before any public disclosure, and don't access or modify data that isn't yours.

Machine-readable contact: /.well-known/security.txt

Where we stand

Honest about our compliance status

Spaife is in active development and has not completed an independent security audit (such as SOC 2). We don't display badges or certifications we don't hold — when we earn them, you'll see them here.

Our roadmap

  • • [ Formalize our security policies and access reviews — target: TBD ]
  • • [ Independent penetration test — target: TBD ]
  • • [ SOC 2 Type II — target: TBD ]

Built carefully, in the open

Questions? security@spaife.com

spaife

Spaife outputs are estimates and projections to help you plan and organize your records — not tax, legal, or financial advice, and not a guarantee of any refund. Estimates are only as complete as the data you enter. AI features are AI-assisted and some are still rolling out. Your data is encrypted in transit and at rest; account connections are read-only. © 2026 Spaife.