HTTPS, SSL, and TLS
Production traffic for cashflowARC should be served through HTTPS so browser sessions are encrypted in transit. Local development URLs such as 127.0.0.1 may use HTTP, but the public site should use TLS.
Security
Security built around private financial data.
cashflowARC is designed for sensitive money workflows. The goal is clear: encrypted connections, minimal exposure, and plain-language controls.
Encryption messaging
cashflowARC communications are encrypted in transit, meaning that no one can listen in and capture your personal data while it moves between your browser and the service. Sensitive service credentials and provider tokens are kept server side and should not be exposed in browser code or public repositories.
Bank connectivity
budgetARC uses a bank connectivity provider flow for account access. You authorize access through that flow. cashflowARC does not see, read, or store your financial institution username or password; it uses authorized account and transaction data to power the dashboard.
Personal information
cashflowARC does not sell your personal information, financial data, transaction history, balances, app activity, or forecasts. The product is not built around advertising profiles or data broker resale.
Data access
Financial data should be used only for the product experiences you requested: cash flow views, categorization, planning, insights, and forecasts. Access should be limited to the app services that need it to operate.
What security does not mean
No website can promise zero risk. cashflowARC should be used with strong passwords, secure devices, HTTPS, and careful access control. If you notice suspicious behavior, stop using the affected connection and contact the site owner through the channel that provided your access.