Security

Your data is handled with care.

We built Equiscore around bank-level data access. That means our security standards have to match. Here is how we protect your information.

FCA authorised Open Banking

Your bank connection is handled by TrueLayer, an FCA authorised Account Information Service Provider. We never see your banking password or PIN. The connection uses the same secure Open Banking standard your bank uses for its own app integrations.

Encrypted in transit and at rest

All data transmitted between your browser and our servers uses TLS 1.3. Your data is encrypted at rest on Railway-hosted infrastructure. We do not store your raw bank credentials at any point.

Secure authentication

Account access is handled by Clerk, which supports multi-factor authentication, session management, and device tracking. We recommend enabling MFA on your Equiscore account.

You control what gets shared

Landlords and lenders see only your verified trust profile. They never see your raw transaction data. Share links expire and can be revoked from your dashboard at any time.

Infrastructure security

Equiscore runs on Railway, with automated backups and network isolation between services. Our database is not publicly accessible. Access is restricted to application services only.

Data deletion

You can delete your account and all associated data at any time from your settings page. Deletion requests are processed within 30 days. Open Banking consent can be revoked separately without closing your account.

Found a security issue?

If you believe you have discovered a security vulnerability, please report it responsibly by emailing security@equiscore.app. We take all reports seriously and will respond within 48 hours.