Skip to content
Lefover Join the waitlist

Security

It can see. It can never move.

The trust page, claim by claim. What the connection can do, what Lefover stores, what stays on your device, and how you leave.

Read-only AES-256-GCM 3 regions, isolated
Chapter 01 · The connection

Read-only, all the way down.

It watches. It cannot act.

The bank connection is read-only. It can see transactions, and it can never move money or pay anyone.

Your credentials never reach us

You enter them in your bank's own connection flow, on your device. They never touch Lefover's servers.

What Lefover keeps is a token

Lefover stores only an access token for the connection, encrypted at rest with AES-256-GCM.

Chapter 02 · In transit

Encrypted on the way, pinned at the door.

Everything travels encrypted

Every request between the app and Lefover is encrypted in transit.

The app pins Lefover's certificates

In production, the app accepts Lefover's certificates and no others, so it will only speak to Lefover.

Chapter 03 · On your device

The phone is part of the security model.

Sign-in without passwords

You sign in with the account already on your phone, through its platform sign-in. There is no Lefover password to steal.

Sensitive actions ask again

Disconnecting a bank or deleting your account asks for your device biometric or passcode again.

Covered in the app switcher

The screen is covered in the app switcher, so your numbers are not left in plain view.

A warning on rooted devices

The app warns you when it is running on a jailbroken or rooted device.

Chapter 04 · Your data

Kept in your region, gone when you say.

Your region keeps your data

Separate databases for the United States, Canada, and the United Kingdom. Your data lives in yours and is never shared across regions.

Diagnostics are scrubbed

Diagnostics are scrubbed of personal data before they leave the device.

Deletion is yours to run

You can delete your account yourself, in the app.

A lapsed subscription is not kept forever

If your subscription lapses, your data is deleted after 90 days, with a reminder before it happens.

The specifics are the point.

Everything above is specific on purpose. When we can promise more, this page will say so.