Security and privacy

MeJu was built to look after your money without exposing your life. Here is what we do under the hood.

  • Row-level security per workspace

    Every workspace (personal, couple, family) is isolated by Postgres RLS. No query can cross the boundary.

  • Encryption at rest

    Database and backups are encrypted by Supabase. Keys are rotated by the provider.

  • TLS 1.3 in transit

    Everything that leaves your browser arrives encrypted. No plain HTTP on any endpoint.

  • Secrets in env vars

    No keys in code. All sensitive values live in Vercel environment variables.

  • Statements are not stored

    When you upload a PDF or CSV, we parse it in memory and discard the file. Only the structured records remain.

  • Threat model

    We think about compromised accounts, employee access and data exfiltration. Each has an active mitigation.
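
To illustrate the row-level security item above, here is an added example of workspace isolation with Postgres RLS; it is not MeJu's actual schema or policies. The table names, the `current_app_user()` helper and the `app.user_id` session setting are assumptions; on Supabase the caller's id is normally read with `auth.uid()` instead.

```sql
-- Hypothetical schema for illustration only.
CREATE TABLE workspaces (
    id   uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    kind text NOT NULL CHECK (kind IN ('personal', 'couple', 'family'))
);
CREATE TABLE workspace_members (
    workspace_id uuid NOT NULL REFERENCES workspaces(id) ON DELETE CASCADE,
    user_id      uuid NOT NULL,
    PRIMARY KEY (workspace_id, user_id)
);
CREATE TABLE transactions (
    id           bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    workspace_id uuid NOT NULL REFERENCES workspaces(id) ON DELETE CASCADE,
    amount_cents bigint NOT NULL
);

-- Caller identity, read from a session setting (assumption).
-- An unset or empty setting yields NULL, so every policy below fails closed.
CREATE FUNCTION current_app_user() RETURNS uuid
LANGUAGE sql STABLE
AS $$ SELECT nullif(current_setting('app.user_id', true), '')::uuid $$;

-- ENABLE turns policies on; FORCE applies them to the table owner as well.
-- Superusers and roles with BYPASSRLS are still exempt, so the application
-- must connect as an ordinary role.
ALTER TABLE workspace_members ENABLE ROW LEVEL SECURITY;
ALTER TABLE workspace_members FORCE ROW LEVEL SECURITY;
ALTER TABLE transactions ENABLE ROW LEVEL SECURITY;
ALTER TABLE transactions FORCE ROW LEVEL SECURITY;

-- A user can read only their own membership rows. There is no write policy:
-- membership changes go through a privileged backend role (assumption).
CREATE POLICY own_memberships ON workspace_members
    FOR SELECT USING (user_id = current_app_user());

-- USING filters rows that are read, updated or deleted; WITH CHECK rejects
-- inserts and updates that would place a row in someone else's workspace.
CREATE POLICY workspace_isolation ON transactions
    FOR ALL
    USING (workspace_id IN (SELECT workspace_id FROM workspace_members
                            WHERE user_id = current_app_user()))
    WITH CHECK (workspace_id IN (SELECT workspace_id FROM workspace_members
                                 WHERE user_id = current_app_user()));

-- Check as a non-superuser role; the uuid below is a constructed sample value.
SET app.user_id = '00000000-0000-0000-0000-00000000000a';
SELECT workspace_id, count(*) FROM transactions GROUP BY workspace_id;
```

The final query should list only workspaces the sample user belongs to; running it as a superuser or a `BYPASSRLS` role skips the policies and is not a valid check.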

Found a flaw?

Responsible disclosure is welcome. A formal bug bounty program lands in a later phase. For now, email the team.

Contact the team

See also the full Privacy Policy.