Your money stays yours
We connect to your accounts through Plaid Canada. Plaid handles the bank handshake directly — your banking password never touches Norrith. We receive transaction data only. We cannot send money, pay bills, or open new accounts. There is no code that does any of those things.
Locked the moment you put your phone down
Face ID at the app door, biometrics-only. Idle auto-lock kicks in after 60 seconds by default. The app blurs in the multitasking switcher so your balance never leaks via the carousel. Five wrong biometric attempts trigger a 30-second cooldown.
Encrypted everywhere it lives
On your device, AES-GCM-256 encrypts the local store, with the master key stored in iOS Keychain behind your biometric. In transit, every connection uses TLS with certificate pinning — a hostile network can't intercept your data even if it's running a TLS-stripping proxy. iCloud sync is disabled; data only leaves the device when you ask the server for it.
Isolated at the database level
Postgres Row-Level Security policies enforce that you can only see rows you own. This runs at the database itself — not just in the application code — so even if the app has a bug, the database refuses to return another user's data.
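A sketch of how owner-only row isolation can be expressed in Postgres, added here as an illustration and not Norrith's actual schema or policy. The table, columns, role name and the app.user_id setting are all assumptions, and the sample rows are constructed.

```sql
-- Constructed example: every table, column, role and setting name is an assumption.
-- Run as a superuser in a scratch database.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;  -- role the application connects as

CREATE TABLE transactions (
    id           bigserial PRIMARY KEY,
    owner_id     uuid   NOT NULL,
    description  text   NOT NULL,
    amount_cents bigint NOT NULL
);

-- Constructed sample rows for two users, loaded before RLS is switched on.
INSERT INTO transactions (owner_id, description, amount_cents) VALUES
    ('11111111-1111-1111-1111-111111111111', 'Groceries', -5421),
    ('11111111-1111-1111-1111-111111111111', 'Payroll',  210000),
    ('22222222-2222-2222-2222-222222222222', 'Rent',    -180000);

ALTER TABLE transactions ENABLE ROW LEVEL SECURITY;
-- FORCE makes the table owner subject to the policies as well.
ALTER TABLE transactions FORCE ROW LEVEL SECURITY;

-- A row is visible or writable only when owner_id matches the per-transaction
-- setting. An unset or empty setting becomes NULL, which matches no row.
CREATE POLICY owner_only ON transactions
    FOR ALL TO app_user
    USING      (owner_id = NULLIF(current_setting('app.user_id', true), '')::uuid)
    WITH CHECK (owner_id = NULLIF(current_setting('app.user_id', true), '')::uuid);

GRANT SELECT, INSERT, UPDATE, DELETE ON transactions TO app_user;
GRANT USAGE ON SEQUENCE transactions_id_seq TO app_user;

BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.user_id = '11111111-1111-1111-1111-111111111111';

-- Simulated application bug: the query forgot its WHERE owner_id = ... filter.
-- The policy still limits the result to the first user's rows.
SELECT owner_id, description, amount_cents FROM transactions;

-- Simulated bug on the write path: inserting a row for another user.
-- WITH CHECK rejects it with a row-level security violation.
INSERT INTO transactions (owner_id, description, amount_cents)
VALUES ('22222222-2222-2222-2222-222222222222', 'Forged', 1);
ROLLBACK;
```

The guarantee holds only while the application connects as a role that is neither a superuser nor granted BYPASSRLS, since both skip policies entirely.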
Every security event is logged for you
Two-factor enrollment, password changes, email changes, deletion scheduling — every meaningful security event is recorded to your audit log, visible in Settings → Security inside the app. Emails in our server logs are masked; amounts and tokens are never logged.
You can take everything and go
Export your full transaction history as CSV, or every record we hold on you as JSON — free, on every tier. When you delete your account, a 30-day soft-delete window lets you change your mind. After that, a scheduled job permanently erases every row that belonged to you.