Security architecture
OfficialFinancial protects sensitive financial data with encryption in transit and at rest, field-level encryption for financial profile data, strict access controls, audit logging, and minimized AI data sharing. Next Move AI only receives the information needed to answer your question.
Your roadmap does not require a Social Security Number, so we do not collect or store one.
We do not connect to your bank or store account or routing numbers. You enter balances yourself, and you can edit or delete them at any time.
All traffic is served over TLS. Insecure connections are rejected.
Your sensitive financial profile fields are encrypted at rest with AES-GCM before they touch the database.
Sensitive fields (income, expenses, balances, debts) are encrypted with a key unique to your account, not a single shared key for all users.
A per-user Data Encryption Key (DEK) encrypts your data. The DEK itself is wrapped with a master Key Encryption Key held in our secrets manager. Compromise of one does not expose the other.
Your email and login credentials live in a separate table from your encrypted financial profile blob. Reads are audited.
Next Move AI only receives the minimum information required to answer your question. Identity fields and unrelated data are never sent to the model.
Your AI conversations are encrypted at rest with the same per-user key as the rest of your profile.
All sensitive reads, writes, and admin access are logged with PII redacted (IPs are hashed, user agents are bucketed).
Admin actions require an admin role and are recorded in the audit log.
You can export a copy of your financial data or delete your account from the Settings → Data page. Deletion removes your DEK, which makes ciphertext unrecoverable.
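The per-user Data Encryption Key, its wrapping under the Key Encryption Key (KEK), and deletion by removing the DEK, as described above, shown as an added example that is not OfficialFinancial's code. It uses Node's built-in crypto module; the in-memory KEK and Maps are hypothetical stand-ins for the secrets manager and database tables, and binding each ciphertext to its user and field through AAD is an assumption of this sketch.

```javascript
// Added illustration (not OfficialFinancial's code): envelope encryption with Node's crypto.
const crypto = require('node:crypto');

// AES-256-GCM with a fresh 96-bit nonce per call; aad binds the ciphertext to its context.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]); // iv(12) | tag(16) | ciphertext
}

function unseal(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered
}

// Hypothetical in-memory stand-ins: the KEK would live in a secrets manager,
// wrapped DEKs and field ciphertext in database tables.
const KEK = crypto.randomBytes(32);
const wrappedDeks = new Map(); // userId -> DEK wrapped under the KEK
const fields = new Map();      // "userId:field" -> ciphertext

function createUser(userId) {
  wrappedDeks.set(userId, seal(KEK, crypto.randomBytes(32), `dek:${userId}`));
}

function unwrapDek(userId) {
  const wrapped = wrappedDeks.get(userId);
  if (!wrapped) throw new Error('no DEK for user (account deleted?)');
  return unseal(KEK, wrapped, `dek:${userId}`);
}

function putField(userId, field, value) {
  const id = `${userId}:${field}`;
  fields.set(id, seal(unwrapDek(userId), Buffer.from(String(value)), id));
}

function getField(userId, field) {
  const id = `${userId}:${field}`;
  return unseal(unwrapDek(userId), fields.get(id), id).toString();
}

// Crypto-shredding: dropping the wrapped DEK leaves the field ciphertext undecryptable.
function deleteUser(userId) {
  wrappedDeks.delete(userId);
}
```

Because the DEK is only ever stored wrapped, a copy of the database tables alone yields no usable key, and a ciphertext moved between users or fields fails GCM authentication instead of decrypting.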
What we do not claim
We do not use marketing language like "100% secure", "hack-proof", "military-grade", or "bank-level". Our claims describe what we actually do — and we publish our architecture so you can evaluate it.