Placeholder — final legal language pending attorney review.
Sign-in is passwordless — a one-time code sent to your email, or Google sign-in — so there's no password for us to store at all. Optional multi-factor authentication (authenticator app or text message) is available free, for anyone who wants an additional sign-in step. All of this is handled by Supabase Auth.
Bank and mortgage account connections are not currently available. When we launch this feature, it will be brokered by Plaid — your bank credentials would be entered into Plaid's own secure flow and never touch our servers, and we'd store only an encrypted access token rather than balances or mortgage data.
Every table (life items, documents, tasks, links, categories) enforces row-level security in Postgres, scoped to your household membership. Even if a query is crafted maliciously, the database itself blocks access to other households' data.
Uploaded documents live in a private storage bucket, organized by household, and are never publicly listable. Access is only ever granted through short-lived signed URLs generated on demand — there is no permanent public link to any document.
Crecivo never embeds your bank, insurer, or password manager inside an iframe to capture credentials. Every outbound link opens the provider's real site directly.
If you believe you've found a security issue, let us know below and we'll investigate and respond promptly.