Security

Our Commitment to Security

At Righthand, protecting your data is our top priority. We implement industry-standard security measures to ensure your personal and financial information remains safe and confidential.

Data Encryption

In Transit

All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. This ensures that your information cannot be read or tampered with in transit by anyone on the network path between you and us.

At Rest

All stored data is encrypted at rest using AES-256 encryption. This includes your personal information, financial data, and conversation history.

Access Controls

We implement strict access controls to protect your data:

  • Role-based access control (RBAC) limits data access to authorized personnel only
  • Multi-factor authentication (MFA) required for all critical systems
  • Principle of least privilege ensures employees only access data necessary for their role
  • Regular access reviews and immediate revocation upon role changes

Authentication

User authentication uses phone verification with one-time codes: we send a code to your phone number and you enter it to sign in. We do not store passwords. Access tokens issued after a successful verification are short-lived and securely managed.
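To make the flow above concrete, here is an added example of how a server side for one-time-code phone verification is typically built. It is illustrative code written for this page, not Righthand's implementation, and it assumes a hypothetical in-memory store and a server secret; the SMS delivery step is left out. The properties it demonstrates are the ones a practitioner would check for: codes come from a CSPRNG, only a keyed hash of the code is stored, comparison is constant-time, codes expire, guesses are capped, a code is single-use, and the resulting access token is short-lived.

```python
"""One-time-code phone verification: added example, not Righthand's code."""
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6           # 6-digit code, uniform over 10**6 values
CODE_TTL_SECONDS = 300    # a code is valid for five minutes
MAX_ATTEMPTS = 5          # wrong guesses allowed before the code is discarded
TOKEN_TTL_SECONDS = 900   # access tokens are short-lived (assumed: 15 minutes)


class OtpVerifier:
    """Hypothetical in-memory verifier; a real deployment would back this with a database."""

    def __init__(self, server_secret: bytes, now=time.time):
        self._secret = server_secret
        self._now = now                 # injectable clock so expiry can be tested
        self._pending = {}              # phone -> [code_hash, expires_at, attempts]
        self._tokens = {}               # token -> (phone, expires_at)

    def _hash(self, phone: str, code: str) -> bytes:
        # Keyed hash: a leaked table of pending codes cannot be inverted without the secret.
        return hmac.new(self._secret, f"{phone}:{code}".encode(), hashlib.sha256).digest()

    def issue_code(self, phone: str) -> str:
        # secrets.randbelow is a CSPRNG; zero-pad so leading zeros are not lost.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[phone] = [self._hash(phone, code), self._now() + CODE_TTL_SECONDS, 0]
        return code  # handed to the SMS sender only; the plaintext is never persisted

    def verify_code(self, phone: str, code: str):
        """Return an access token on success, otherwise None."""
        entry = self._pending.get(phone)
        if entry is None:
            return None
        code_hash, expires_at, attempts = entry
        if self._now() > expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[phone]    # expired or already locked out
            return None
        entry[2] += 1
        if not hmac.compare_digest(code_hash, self._hash(phone, code)):
            if entry[2] >= MAX_ATTEMPTS:
                del self._pending[phone]  # cap brute-force guesses at MAX_ATTEMPTS
            return None
        del self._pending[phone]        # single use: a code cannot be replayed
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (phone, self._now() + TOKEN_TTL_SECONDS)
        return token

    def phone_for_token(self, token: str):
        """Resolve a bearer token to the verified phone number, or None if unknown or expired."""
        entry = self._tokens.get(token)
        if entry is None:
            return None
        phone, expires_at = entry
        if self._now() > expires_at:
            del self._tokens[token]
            return None
        return phone


if __name__ == "__main__":
    verifier = OtpVerifier(secrets.token_bytes(32))
    sent_code = verifier.issue_code("+15555550100")   # constructed sample number
    token = verifier.verify_code("+15555550100", sent_code)
    print("verified:", verifier.phone_for_token(token))
```

Per-phone-number attempt capping protects a single code, but the issuance endpoint itself also needs rate limiting so an attacker cannot use it to flood a victim with messages or cycle through fresh codes.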

Third-Party Integrations

We partner with providers that hold independent security attestations:

  • Plaid - Financial data access (SOC 2 Type II certified)
  • Stripe - PCI DSS Level 1 certified payment processing
  • Supabase - SOC 2 Type II certified database infrastructure
  • Vercel - SOC 2 Type II certified hosting platform

We never store your bank credentials. Financial connections are made securely through Plaid's encrypted infrastructure.

Infrastructure Security

  • Hosted on SOC 2 compliant cloud infrastructure
  • Regular security patches and updates
  • Automated vulnerability scanning and dependency monitoring
  • DDoS protection and rate limiting
  • Regular backups with encryption

Data Retention & Deletion

We retain your data only as long as necessary to provide our services. You can request deletion of your account and associated data at any time through your account settings or by contacting us. Upon request, we will delete your personal data within 30 days, except where retention is required by law.

Incident Response

If a security incident occurs, we have procedures in place to:

  • Quickly identify and contain the incident
  • Assess the impact and affected data
  • Notify affected users without undue delay, and notify regulators within the deadlines applicable law sets (for example, 72 hours for supervisory-authority notification under GDPR Article 33)
  • Implement measures to prevent recurrence

Employee Security

  • Background checks for employees with data access
  • Security awareness training
  • Confidentiality agreements
  • Secure workstation policies

Reporting Security Issues

If you discover a security vulnerability, please report it to us immediately at security@righthand.so. We appreciate responsible disclosure and will work with you to address any issues promptly.

Contact

For security-related inquiries, contact us at security@righthand.so.