Security

We take security seriously. Your financial data is protected with industry-leading security measures and best practices.

Last Modified: November 20, 2025

We take security seriously

While we like to keep things friendly and approachable, security is one area where we don't compromise. Your financial data is protected with multiple layers of security, encryption, and industry best practices.

Access & Authentication

Data Access

The MoneyDesk team does not access or interact with customers' data as part of normal operations. There are cases where a customer requests that we access their information, or where required by law. All data access is access-controlled, requires customer approval when applicable, and is documented with the reason for access and timestamps.

(See our Privacy Policy for details on how we might use aggregate data for internal business purposes.)

Password Security

Your MoneyDesk account password is one-way salted and hashed using multiple iterations of a key derivation function for passwords. Even if someone were to gain unauthorized access to our password database, they would not know your password and would be forced to guess every possible password combination (which is computationally infeasible with modern security standards).

We prevent brute force password attacks and help you choose stronger passwords by ensuring they meet security requirements for length and complexity.

Account Deletion

Should you choose to delete your MoneyDesk account, all of your financial data is completely and irreversibly removed from our database. We do not simply mark your account as inactive. We completely destroy all account data. (To be clear, you explicitly request this deletion. If you happen to let your account lapse accidentally, we don't assume you mean to delete all your data.)

Data Retention

We retain account data for a period of time after an account expires, whether through trial expiration or subscription expiration, unless you delete your account as described above. This allows you to reactivate your account and recover your data if needed.

More information on data retention can be viewed in our Privacy Policy.

Infrastructure

Our infrastructure is built on modern cloud platforms that implement industry-leading security measures. We use secure, scalable infrastructure providers that undergo regular security assessments and maintain high standards for data protection.

We are committed to maintaining the highest security standards and are continuously working towards obtaining industry certifications and compliance standards. Our security practices are regularly reviewed and updated to ensure your data remains protected.

Note: We are actively working towards obtaining industry certifications and compliance standards. Our security measures are implemented following industry best practices, even as we pursue formal certifications.

Payment Security

We use PCI-DSS certified payment providers to process credit card transactions. Your payment details are sent directly to our certified payment processor's systems rather than ours, ensuring that your sensitive payment information never touches our servers.

We never store your full credit card information on our servers. All payment processing is handled by our secure, certified payment partners.

Encryption

All data sent between your computer and MoneyDesk uses bank-grade encryption. We force your browser to use an encrypted connection (HTTPS/TLS) and won't let your computer communicate with our servers unless that connection is secure.

Encryption in Transit

All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher, the same encryption standard used by banks.

Encryption at Rest

All stored data is encrypted at rest using industry-standard encryption algorithms to protect your information even when it's stored on our servers.

Social Engineering Security

All the technical security measures in the world are useless if someone cons you into handing them your username and password.

No MoneyDesk team member will ever ask for your password

If someone asks you for your username or password, it's not us. Only provide your credentials when logging into MoneyDesk directly.

Always verify the domain

MoneyDesk will always use app.moneydesk.co or moneydesk.co as the domain name. Always look for this when logging into MoneyDesk, or following any link from a bookmark or email.

Report Security Issues

If you discover a security vulnerability or have concerns about our security practices, please report it to us immediately. We take all security reports seriously and will investigate promptly.

Report Security Issue