Security

Your family's financial data deserves clear boundaries.

Unyt is built around account security, explicit family access, and careful document handling. Coming from the core fintech backgrounds, both the founders wanted security to be the first thing in the product and not an after thought. Here is how we protect the information your family may need most.

Security that makes sharing easier to trust

lock

Secure sign-in and sessions

Your information is available only after authenticated sign-in. Sessions expire on inactivity, and sensitive account actions require fresh confirmation where appropriate.

shield_lock

Sensitive data handled carefully

Financial records, documents, and notes move over secure connections. Fields configured as sensitive are protected at rest on the backend, and document parsing runs only when you explicitly upload and confirm.

verified_user

Account is the key

Your information only appears when you are signed in. In family mode, only people you have invited — and who belong to your family in the app — can see what you choose to share. Visibility is private, family, or shared, with explicit access levels.

visibility

Granular Me / Family / Shared visibility

Every account, policy, document, and contact carries a visibility flag. You decide on each item whether it is private to you, visible to your family space, or shared with specific members. Collaboration without giving up governance.

Operating practices

  • shield

    Transport security

    All traffic is served over HTTPS with HSTS. Additionally, we also secure the transmission using E2EE (End to End Encryption). We do not accept downgrade.

  • storage

    Data residency

    Production data is stored in MongoDB Atlas in India, in line with Indian data-localisation expectations.

  • no_accounts

    No data sales, no model training

    We do not sell/advertise your data. We do not use your account contents, documents, or notes to train AI models. Document parsing happens in scoped, user-triggered flows.

  • history

    Auth and session controls

    Sessions expire on inactivity. Sensitive actions such as family invitation acceptance and account deletion require additional confirmation.

  • science

    Independent audits

    We are working toward third-party security certification. We will publish dated attestations here as they are completed — we will not list certifications we do not yet hold.

  • mail

    Responsible disclosure

    Found a vulnerability? Email support@unyt.money. Our security.txt is published at /.well-known/security.txt. We acknowledge reports within five business days.

What we will not do

  • · We will not sell your data to anyone, ever. Take our word for it, founders promise
  • · We will not train AI models on your account contents, documents, or notes.
  • · We will not show third-party advertising inside Unyt.
  • · We will not require you to share more than you want to with your family.
  • · We will not claim certifications we do not hold.

Report a security issue

We take responsible disclosure seriously. Reach us at support@unyt.money - we acknowledge reports within five business days.

Secure Enough? Let's get started