WYN FINANCIAL LTD.

Security

Last updated 16 May 2026

WYN Financial Ltd. handles sensitive financial data, and security is a core design constraint rather than an afterthought. This page describes the controls that protect your information and the boundaries the Service deliberately does not cross.

Read-only by design. The Service can view your account data, but it cannot move money, place trades, or change your accounts. There is no code path that initiates a payment or a transaction — that capability simply does not exist.

01 Credential handling

We never ask for, see, or store your online banking or brokerage passwords. Authentication with your financial institutions is performed entirely within our regulated data providers — Plaid for personal banking and SnapTrade for brokerage accounts. They return a scoped, read-only access token; that token is all WYN Financial ever holds, and it cannot be used to authorise transfers or trades.

02 Encryption

Provider access tokens are encrypted at rest using AES-256-GCM, an authenticated encryption algorithm, with a unique random initialisation vector generated for every record. Tokens are never written to logs or stored in plaintext. All data transmitted between your browser, the Service, and our providers is protected with industry-standard TLS encryption.

03 Authentication and access control

Sign-in is handled through GitHub OAuth, so WYN Financial never manages or stores a password. Access to the private workspace is further limited to an explicit allowlist of approved email addresses — an account that is not on the allowlist cannot reach any financial data, even with valid GitHub credentials.

04 Tenant isolation

Every record in the system is scoped to a single tenant. Queries are constrained to the signed-in user’s tenant, so one workspace cannot read or modify the data of another. The public demo runs in its own isolated tenant populated only with sample data.

05 Webhook verification

Inbound notifications from our data providers are cryptographically verified before they are processed. Plaid webhooks are validated by checking their ES256 JWT signature against Plaid’s published public keys. Notifications that fail verification are rejected.
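
One way to implement the ES256 check described above, as an added example that is not WYN Financial's or Plaid's code. The names `verifyWebhook`, `signSample` and `keysByKid` are hypothetical; the five-minute freshness window and the `request_body_sha256` claim follow Plaid's public webhook documentation rather than anything stated on this page.

```javascript
const crypto = require('node:crypto');

const sha256hex = (buf) => crypto.createHash('sha256').update(buf).digest('hex');
const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// keysByKid: Map of key id -> public KeyObject. Hypothetical stand-in for a
// cache of the provider's published verification keys.
function verifyWebhook(jwt, rawBody, keysByKid, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return 'malformed';
  let header, claims;
  try {
    header = decode(parts[0]);
    claims = decode(parts[1]);
  } catch {
    return 'malformed';
  }
  if (!header || !claims) return 'malformed';
  // Pin the algorithm; never let the token choose it ("none", HS256, ...).
  if (header.alg !== 'ES256') return 'bad-alg';
  const key = keysByKid.get(header.kid);
  if (!key) return 'unknown-kid';
  // JWS carries ECDSA signatures as raw r||s (64 bytes for P-256), not DER.
  const sig = Buffer.from(parts[2], 'base64url');
  const signed = Buffer.from(parts[0] + '.' + parts[1]);
  if (sig.length !== 64 ||
      !crypto.verify('sha256', signed, { key, dsaEncoding: 'ieee-p1363' }, sig)) {
    return 'bad-signature';
  }
  // Replay window: reject tokens whose iat is more than five minutes from now.
  if (typeof claims.iat !== 'number' || Math.abs(nowSec - claims.iat) > 300) return 'stale';
  // The signature covers only the JWT, so bind it to the body via the hash claim.
  const want = Buffer.from(String(claims.request_body_sha256));
  const got = Buffer.from(sha256hex(rawBody));
  if (want.length !== got.length || !crypto.timingSafeEqual(want, got)) return 'body-mismatch';
  return 'ok';
}

// Builds a constructed test token; a real one arrives from the provider.
function signSample(privateKey, kid, body, iat, alg = 'ES256') {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const input = enc({ alg, kid, typ: 'JWT' }) + '.' +
    enc({ iat, request_body_sha256: sha256hex(body) });
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return input + '.' + sig.toString('base64url');
}
```

The body passed to `verifyWebhook` must be the raw bytes as received, since re-serialising parsed JSON changes the hash.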

06 Automated synchronisation

Scheduled data syncs run on a recurring job. The job endpoint is protected by a secret bearer token, so it cannot be triggered by an unauthenticated caller. Every sync — whether manual, scheduled, or webhook-driven — is recorded in an audit log capturing its source, status, record counts, and any error codes.

07 Data storage

Financial data is stored in a PostgreSQL database under our control. Balance snapshots are immutable point-in-time records, and transactions are soft-deleted rather than destroyed, which preserves a verifiable history and supports recovery from provider data corrections.

08 What we will never do

  • Move, transfer, or withdraw money from any account
  • Place, modify, or cancel trades or orders
  • Open, close, or change the settings of your accounts
  • Store your banking or brokerage passwords
  • Sell your data or share it for advertising

09 Your role in security

Because sign-in depends on GitHub, the security of your GitHub account directly protects your financial data. We strongly recommend enabling two-factor authentication on GitHub, using a strong and unique password, and reviewing your connected accounts periodically. Disconnect any institution you no longer wish to share.

10 Responsible disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability, please report it privately to sean.ionwyn@gmail.com with enough detail to reproduce the issue, and allow a reasonable period for it to be addressed before any public disclosure. Please do not access data that is not yours or degrade the Service while testing. We appreciate good-faith research and will acknowledge valid reports.

© 2026 WYN Financial Ltd.