
The Aegis Shield
Your treasury is warded by field-level enchantments that individually seal every name, bank, and merchant—AES-256-GCM encryption that keeps your gold hidden even from our own watchtowers.
Security Features
How We Protect Your Data
AES-256 Field-Level Encryption
Every identifying field—names, banks, merchants, descriptions—is independently encrypted with AES-256-GCM and unique initialization vectors. Not just encrypted at rest, but individually sealed.
Enterprise Infrastructure
Your data is hosted on enterprise-grade cloud infrastructure with 24/7 automated monitoring and threat detection.
Admin-Blind Architecture
Even our own team sees only anonymous aggregate trends—never your individual financial details. Your information remains yours alone.
Strong Authentication
Secure passwords and two-factor authentication ensure only you can access your account.
Real-Time Monitoring
Automated threat detection systems monitor for suspicious activity around the clock.
Best Practices
Built on SOC 2 Type II certified infrastructure, with GDPR compliance and ISO 27001 best practices.
The Aegis in Detail
Vault Enchantments
Your financial data is protected by field-level AES-256-GCM encryption. Every name, bank, and merchant is individually sealed with its own unique initialization vector—not just encrypted at rest, but independently warded. Our admin analytics use only anonymous aggregate counters, so our team sees spending trends but never individual details. API keys and sensitive credentials are additionally encrypted with unique keys per user. We use TLS 1.3 for all data in transit.
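A sketch of the per-field sealing described above, added here as an illustration and not Guldza's own code: each field gets a fresh 96-bit IV, and the user id and field name are bound in as associated data so a sealed value cannot be moved to another field or account. The per-user key generated in place, the `iv || tag || ciphertext` layout, and the function names are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: one 32-byte key per user, generated here for the demo.
// A real deployment would fetch it from a KMS or key vault.
function newUserKey() {
  return nodeCrypto.randomBytes(32);
}

// Seal one field. User id and field name go in as AAD, so the ciphertext
// only authenticates in the slot it was written for.
function sealField(key, userId, fieldName, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // 96-bit IV, fresh for every field
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${userId}:${fieldName}`, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte authentication tag
  return Buffer.concat([iv, tag, ct]).toString('base64');
}

// Open one field; throws if key, AAD, IV, tag or ciphertext do not match.
function openField(key, userId, fieldName, sealed) {
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length < 28) throw new Error('sealed value too short');
  const iv = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);
  const ct = raw.subarray(28);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv,
    { authTagLength: 16 });
  decipher.setAAD(Buffer.from(`${userId}:${fieldName}`, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Seal every identifying field of a record independently.
function sealRecord(key, userId, record) {
  const out = {};
  for (const [name, value] of Object.entries(record)) {
    out[name] = sealField(key, userId, name, value);
  }
  return out;
}

// True if the sealed value authenticates and decrypts, false otherwise.
function opens(key, userId, fieldName, sealed) {
  try { openField(key, userId, fieldName, sealed); return true; }
  catch { return false; }
}
```

Because every field has its own IV, two fields holding the same text produce different ciphertexts, and a value copied from one field into another fails authentication instead of decrypting.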
Gateway Wards
Our APIs use industry-standard authentication and rate limiting. Your financial data is encrypted and processed securely behind our protected gates.
Statement Processing
Your uploaded bank and credit card statements are processed in isolated memory and discarded immediately after transaction extraction—no raw documents are ever stored on our servers. Only encrypted transaction metadata is retained. A file hash is stored for duplicate detection, but no file content is kept. Receipt images are encrypted at rest with per-user keys in secure storage.
Veiled from the Watchtower
Guldza is built with an admin-blind architecture. Our internal tools display only anonymous aggregate counters—demographic trends and spending culture patterns—never individual user financial details. Your email is stored only in the authentication system, completely separated from your financial data. This means even our own team cannot view your personal transactions, balances, or account names.
The Shield-Council
Discovered a weakness in our defenses? Submit a report through our Help Center. Our shield-council takes all reports seriously and responds within 24 hours.