Security

Security & Data Protection

Balance On Hand is designed to protect your financial data through client-side encryption, data minimization, and a privacy-first architecture. This page explains how we protect your data, what we store, and what happens if something goes wrong.

Key principle: Your budget backup is encrypted on your device before it reaches our servers. Balance On Hand is designed so that we cannot read your budget data without your recovery phrase.

How we protect your data

Balance On Hand uses a privacy-first approach to cloud backup:

  • Client-side encryption: If you use cloud backup, your budget data is encrypted on your device before it is sent to Balance On Hand servers. The encrypted backup is designed so that it should not be readable without your recovery phrase.
  • Non-custodial recovery phrase: Your recovery phrase is created and stored on your device. Balance On Hand does not store your recovery phrase on our servers and is designed so that we cannot decrypt your budget backup without it.
  • No bank linking: Balance On Hand does not connect to your bank account and does not access your banking credentials.
  • No ads: Balance On Hand does not display advertisements and does not use your data to serve ads.
  • No data selling: Balance On Hand does not sell your data to third parties.

What we store vs. what we do not store

Balance On Hand is designed to minimize the data stored on our servers.

What we store

  • Encrypted cloud backup data (not readable without your recovery phrase)
  • Account identifiers needed to manage backup and subscription access
  • Backup timestamps
  • Subscription status information

What we do not store

  • Your recovery phrase
  • Decryption keys capable of reading your budget backup
  • Readable budget data (such as bill names, income amounts, account balances, pay dates, or creditor details)
  • Full payment card numbers (payments are handled by Stripe)

As part of a prior security review, user email was removed from backup records to further reduce the data stored with cloud backups.

Cloud backup retention

Balance On Hand Pro includes encrypted cloud backup. Here is a summary of what happens to your backup data at each stage:

  • Active Pro subscription: Your encrypted cloud backup is available for save and restore.
  • Pro subscription ends: Your encrypted cloud backup is retained for up to 30 days so you have time to renew or restore access.
  • After 30 days: Your encrypted cloud backup is permanently deleted from active backup systems.
  • Immediate deletion: You may request deletion of your cloud backup data at any time. Once deleted, it cannot be recovered.

For the full retention policy, see Cloud Backup Data Retention Policy.

Data breach response

Balance On Hand treats any unauthorized access to its systems seriously. If we discover unauthorized access to systems that may affect user data, we will investigate promptly, contain the issue, determine what information was involved, and notify affected users when required or when we believe notice is appropriate.

Because Balance On Hand is designed to encrypt budget backups before they reach our servers, unauthorized access to backup storage alone should not reveal readable budget details unless the attacker also has the user's recovery phrase or decryption key. However, account metadata may still be present, so we treat any unauthorized access seriously.

Notifications depend on what was accessed, whether readable or actionable data was exposed, and applicable legal requirements.

For our full incident response plan, see Incident Response Plan.

Shared responsibility

Protecting your data is a shared effort between Balance On Hand and you as the user.

Balance On Hand is responsible for

  • Protecting the systems, services, and cloud backup infrastructure that Balance On Hand operates
  • Using privacy-first design, data minimization, authentication, and encrypted backup storage to reduce the risk that our systems expose user financial data
  • Investigating and responding to security incidents affecting Balance On Hand systems
  • Following data retention and deletion commitments

Balance On Hand is not responsible for unauthorized access caused by

  • Lost or stolen devices
  • Unlocked device access
  • Malware or keyloggers on user devices
  • Compromised browser extensions
  • Screen viewing by others
  • Screenshots saved to cloud photo backup
  • User sharing their recovery phrase
  • User storing recovery phrase in insecure locations such as notes apps
  • Compromised email, Google, iCloud, Android, or password manager accounts
  • Jailbroken or rooted devices
  • Weak device PIN or password
  • Public or shared computer use

Recovery phrase safety

Your recovery phrase is the key to your encrypted cloud backup. Balance On Hand is designed so that we do not store your recovery phrase and cannot recover your data without it.

  • Keep your recovery phrase private and store it somewhere safe.
  • Do not screenshot your recovery phrase.
  • Do not store your recovery phrase in places that others may access, such as shared notes apps, unprotected documents, or cloud storage that syncs automatically.
  • If you lose your recovery phrase, Balance On Hand cannot recover your encrypted cloud backup for you.

This page is provided for general informational purposes. Balance On Hand uses reasonable security measures but does not guarantee that any system is completely immune to unauthorized access. Security practices are reviewed and updated as needed. For questions, please visit the contact page. Last updated: 2026.