Security & Compliance
Your financial data deserves the highest level of protection. We use military-grade encryption and industry-leading security practices to keep your information safe.

AES-256 Encryption
Bank-level security
GDPR Compliant
EU data protection
CCPA Compliant
California privacy
Privacy by Default
Your data is private
How We Protect Your Data
Multi-layered security approach to keep your financial information safe
Bank-Level Encryption
All data is encrypted using AES-256 encryption, the same standard used by banks and financial institutions.
- Encryption in transit (TLS 1.3)
- Encryption at rest (AES-256)
- Encrypted database backups
Secure Authentication
Industry-standard authentication powered by Supabase with advanced security features.
- Secure password hashing (bcrypt)
- Email verification required
- Session token management
Database Security
Row-level security and data isolation ensure your information stays private.
- Row-level security policies
- Multi-tenant data isolation
- Automated security updates
Secure Infrastructure
Enterprise-grade infrastructure with redundancy and monitoring.
- Hosted on secure cloud infrastructure
- Regular security audits
- 24/7 monitoring and alerts
Trusted Third-Party Services
We partner with industry-leading providers who meet the highest security standards
Supabase
Enterprise PostgreSQL database with built-in security features and compliance certifications.
Authentication, database, storage
OpenAI
SOC 2 Type II certified AI provider with strict data handling and privacy policies.
AI models, API security
Finnhub
Secure financial data provider with enterprise-grade API security and reliability.
Market data, real-time quotes
Compliance & Data Privacy
We comply with major privacy regulations to protect your rights
GDPR Compliance
European Union data protection
We comply with the General Data Protection Regulation (GDPR) for all users, regardless of location.
- Right to access your data
- Right to data portability
- Right to erasure ("right to be forgotten")
- Transparent data processing
CCPA Compliance
California privacy protection
We comply with the California Consumer Privacy Act (CCPA) to protect California residents.
- Right to know what data we collect
- Right to delete personal information
- Right to opt out of data sales (we don't sell data)
- Non-discrimination for exercising rights
Your Data Rights
You have complete control over your personal data. At any time, you can:
- Request a copy of all your data (data export)
- Modify or update your personal information
- Delete your account and all associated data
- Withdraw consent for data processing
- File a complaint with supervisory authorities
To exercise any of these rights, visit your account settings or contact us at privacy@heywarren.com
Incident Response & Best Practices
Incident Response
In the unlikely event of a security incident, we have a comprehensive response plan:
1. Immediate detection and containment
2. Investigation and impact assessment
3. User notification within 72 hours
4. Remediation and prevention measures
5. Regulatory reporting if required
Security Best Practices
Help us keep your account secure by following these best practices:
- Use a strong, unique password
- Never share your login credentials
- Log out when using shared devices
- Keep your email account secure
- Report suspicious activity immediately
Questions About Security?
We're transparent about our security practices and happy to answer your questions.