How we protect your financial information — and what we never do with it.
We built Unmanaged on a simple principle: we should have the minimum access necessary to do our job, and nothing more.
That means read-only access to your holdings. That means no ability to move money or execute trades. That means we never ask for your brokerage password — Plaid handles authentication directly with your financial institution.
It also means we don't keep data we don't need, we don't share data with anyone, and we give you complete control over deletion.
We use Google Sign-In exclusively. No usernames. No passwords. No credential database for hackers to target.
When you sign in with Google, authentication happens entirely on Google's servers. We receive a cryptographic token confirming your identity — never your password.
Enable it on your Google account. You'll get Google's enterprise-grade 2FA — hardware security keys, authenticator apps, or push notifications to your phone. It protects both your Google account and your Unmanaged account automatically.
This approach means we have zero stored credentials that could be leaked, phished, or brute-forced. Your security is as strong as your Google account — and Google invests billions in keeping that secure.
All portfolio data is encrypted using AES-256 before it touches our database. Your holdings, account values, and analysis results are unreadable without the encryption keys.
All communication between your browser and our servers uses TLS 1.3. Data never travels unencrypted. API calls to Plaid and other services are also encrypted end-to-end.
Production data access is limited to essential personnel only. All access is logged and audited. There is no "admin view" of customer portfolios.
We run on AWS with SOC 2 certified infrastructure. Databases are in private subnets with no public internet access. Backups are encrypted.
Account connections go through Plaid, not us. We never see your brokerage credentials. Plaid is SOC 2 Type II certified and used by thousands of financial apps.
We request the minimum Plaid permissions needed: positions and balances. We cannot initiate transactions, move money, or modify anything in your accounts.
We don't sell your data. Not to data brokers, marketers, financial advisors, or anyone else. Your portfolio is not a product we monetize.
We don't share your data with "partners." There are no affiliate relationships where your information is the currency.
We don't use your data for marketing. Your holdings don't trigger targeted ads or promotional emails from third parties.
We don't train AI models on your portfolio. Your data is used solely to generate your analysis.
We don't send your data to third-party AI providers. Our AI-powered analysis runs entirely within AWS Bedrock — Amazon's secure, private AI infrastructure. Your financial data never leaves our AWS environment. No external models from OpenAI, Anthropic, or anyone else ever see your portfolio.
We don't keep data longer than necessary. When you delete your account, we delete your data. Permanently.
For the complete list, see our 40 things we will never do.
You can view all the data we have about you at any time through your account dashboard.
You can export your analysis as a PDF. Your data belongs to you.
You can delete your account and all associated data at any time. Deletion is permanent and complete within 30 days.
You can disconnect your brokerage connections at any time through your account settings or directly through Plaid.
If you have any questions about your data, email us at privacy@beunmanaged.com. A human will respond.
We follow SOC 2 aligned security practices covering data encryption, access control, and audit logging. Our infrastructure runs on AWS, which maintains SOC 2 Type II certification.
Plaid, our account aggregation provider, is SOC 2 Type II certified and compliant with CCPA and other applicable regulations.
We comply with CCPA (California Consumer Privacy Act) and respond to all valid data requests within the required timeframes.
If you have questions about our security practices or want to report a vulnerability, we want to hear from you.
security@beunmanaged.com