Security

How we handle your data.

Eight specific answers to the eight things people actually worry about. No vague promises. No legal boilerplate here — that's on the privacy page.

Built right

A real NZ company. Not a scam.

No bank login required. No data selling. Subscription is the entire business model.

YOUR DATA
CSV gets processed, then deleted.
We parse your bank export, store the categorised transactions, then bin the raw file. We never see your login.
YOUR MONEY
We don't touch it. Only show you it.
Handled is not a bank. We can't move money. We can't authorise a payment. We can only count.
YOUR PRIVACY
No ads. No data selling. Ever.
$10 a month is the whole business model. If we ever change that, we'll tell you in plain English.
Under the hood

Eight specifics.

ENCRYPTION
TLS everywhere, AES-256 at rest.
All data in transit uses TLS 1.2+. Data at rest in Azure SQL is encrypted with AES-256. Keys are managed by Azure Key Vault.
AUTHENTICATION
Microsoft Entra External ID.
Sign-in is handled by Microsoft's identity platform. We never see your password. Tokens expire. Sessions timeout.
INFRASTRUCTURE
Azure serverless. No public-facing VMs.
The API runs on Azure Functions. There are no servers to patch, no SSH ports open, no attack surface beyond the API itself.
RAW FILE DATA
Your CSV is deleted after processing.
We parse the file, categorise the transactions, then delete the raw CSV immediately. We store only the structured data.
BANK ACCESS
We never have it.
Handled is not a bank. We can't see your accounts, initiate payments, or authenticate to your bank on your behalf. CSV upload is intentional.
PAYMENTS
Stripe handles all billing.
We never see your card number. Stripe is PCI DSS Level 1 certified. Subscription management goes through Stripe's hosted portal.
YOUR DATA
Export and delete any time.
You can export all your data as CSV from the app at any time. Deleting your account removes everything within 30 days.
PRIVACY ACT
Compliant with the NZ Privacy Act 2020.
We collect only what's needed to run the service. We don't sell data. We don't share data with third parties for advertising.
Questions

The ones people actually ask.

Direct bank feeds in NZ are expensive and require partnership deals. CSV export is universal — every major NZ bank supports it, it works today, and it lets us keep the price at $10.