Trust

Security
Statement

Last updated: June 1, 2026

This page explains in plain English how 7 Pillars protects your financial data. No legal jargon. If you have a question that isn't answered here, email us at security@7pillars.app.

Our commitments

What we promise

Read-only access, always. Sophia can see your accounts but cannot move money, initiate payments, or make changes to your financial accounts. This is enforced at the infrastructure level — not just a policy.
We never see your bank password. All bank connections are established through Plaid. Your credentials go directly to Plaid's encrypted system — they never pass through 7 Pillars servers.
Your data is never sold. 7 Pillars is a subscription business. Your financial data is not our product and never will be. We do not sell, rent, or share your data with advertisers or data brokers.
You can disconnect anytime. Remove any connected account from Settings at any time. Your data is deleted within 30 days of account closure.
We will notify you of breaches. In the unlikely event of a security incident affecting your data, we will notify you promptly and in accordance with applicable law.
Technical details

How we protect your data

🔐
Encryption in transit
All data between your device and our servers is encrypted using TLS 1.2 or higher — the same standard used by banks and financial institutions.
🗄️
Encryption at rest
All data stored in our database is encrypted at rest using AES-256 encryption. This includes your financial data, transaction history, and profile information.
🛡️
Row-level security
Every database table is protected by Row Level Security. Your data is cryptographically isolated — no user can ever access another user's data.
Rate limiting
All API endpoints are rate-limited to prevent abuse. Sophia's AI endpoint has a hard cap of 20 requests per user per hour.
🔑
Authentication
User authentication is managed by Clerk, an enterprise-grade authentication provider. Session tokens are short-lived and automatically invalidated on logout.
📎
Secure file storage
Receipt uploads and documents are stored in private cloud storage. Files are only accessible via time-limited signed URLs — direct public access is disabled.
Section 03

How Plaid keeps your bank data safe

7 Pillars uses Plaid to connect to your financial accounts. Plaid is trusted by over 8,000 financial apps and used by millions of Americans.

You can review Plaid's security practices at plaid.com/safety.

Section 04

Our infrastructure

Section 05

Responsible disclosure

If you discover a security vulnerability in 7 Pillars, please email security@7pillars.app with a description of the issue and steps to reproduce it before disclosing publicly.

We will acknowledge your report within 48 hours and work to resolve confirmed vulnerabilities as quickly as possible.

Section 06

Questions

7 Pillars Security
Email: security@7pillars.app
Minneapolis, Minnesota, United States