Encrypted Plaid access tokens
Used to re-fetch linked-account data when you ask for it. Tokens are encrypted before storage.
Security
We protect by collecting less.
Nrivana handles money-adjacent data, so the first security decision is restraint. We keep the data needed to run the product and avoid storing the data we do not need.
What we do not store on our servers
- Bank passwords.
- Account balances, account numbers, masks, holder names, transactions, or addresses.
- Full SSN, ITIN, PAN, or government-ID values after validation.
- Payment card numbers; Nrivana is not in the cardholder data flow.
What we do hold
Narrow ledger records
Preferences, link/unlink events, KYC status, tax-document metadata, and account-closure receipts.
Sign-in identity
Handled through Firebase Auth. We verify tokens; we do not see your Google or Microsoft password.
Report a vulnerability.
Email security@nrivana.productexperts.cc. Include enough detail to reproduce the issue, but do not send customer data.
Email security