Access Control Policy

Last updated: June 22, 2026

This policy defines how My Family Budget controls access to application data and production infrastructure.

Application roles (RBAC)

Each household member holds exactly one role. Permissions are enforced server-side, not in the client:

  Role      Read   Write   Manage members
  Owner     Yes    Yes     Yes
  Partner   Yes    Yes     No
  Advisor   Yes    Yes     No
  Viewer    Yes    No      No

Viewers cannot modify data or connect bank accounts. Every financial query is scoped to the authenticated user's household, so a member of one household cannot read or write another household's data regardless of role.
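The following is an added illustration of the two rules above (a deny-by-default role matrix plus household scoping on every query); it is not My Family Budget's code, and the permission names, action names, session fields and sample rows are assumptions made for the example:

```python
"""Illustrative server-side RBAC check with household scoping.

Added example, not My Family Budget's own implementation. Assumed (not on the
page): permission names read/write/manage_members, an action-to-permission
mapping, and a session carrying user_id, household_id, role and TOTP status.
"""
from dataclasses import dataclass
from typing import Optional

# Role matrix from the policy table. A role or permission not listed is denied.
ROLE_PERMISSIONS = {
    "owner":   frozenset({"read", "write", "manage_members"}),
    "partner": frozenset({"read", "write"}),
    "advisor": frozenset({"read", "write"}),
    "viewer":  frozenset({"read"}),
}

# Permission each application action needs (assumed mapping for the example).
ACTION_PERMISSION = {
    "view_transactions": "read",
    "export_csv": "read",
    "add_transaction": "write",
    "edit_budget": "write",
    "link_bank": "write",
    "invite_member": "manage_members",
    "remove_member": "manage_members",
}


class AccessDenied(Exception):
    pass


@dataclass(frozen=True)
class Session:
    user_id: str
    household_id: str
    role: str
    totp_enrolled: bool = False


@dataclass(frozen=True)
class Resource:
    household_id: str


def authorize(session: Session, action: str, resource: Optional[Resource] = None) -> None:
    """Raise AccessDenied unless the session may perform `action`.

    Checks, all deny-by-default: the action is known; the role grants the
    permission the action needs; the target resource belongs to the caller's
    household; bank linking additionally requires TOTP enrolment.
    """
    needed = ACTION_PERMISSION.get(action)
    if needed is None:
        raise AccessDenied(f"unknown action {action!r}")
    if needed not in ROLE_PERMISSIONS.get(session.role, frozenset()):
        raise AccessDenied(f"role {session.role!r} lacks {needed!r}")
    if resource is not None and resource.household_id != session.household_id:
        # Cross-household access is denied even to an Owner: a role only
        # describes rights inside the caller's own household.
        raise AccessDenied("resource belongs to another household")
    if action == "link_bank" and not session.totp_enrolled:
        raise AccessDenied("two-factor authentication required before bank linking")


def is_allowed(session: Session, action: str, resource: Optional[Resource] = None) -> bool:
    try:
        authorize(session, action, resource)
        return True
    except AccessDenied:
        return False


def scoped_transactions(session: Session, rows: list) -> list:
    """Apply household scoping on the server: the filter comes from the
    session, never from a client-supplied household id."""
    authorize(session, "view_transactions")
    return [r for r in rows if r["household_id"] == session.household_id]


# Constructed sample rows (not real data) to show the scoping filter.
SAMPLE_ROWS = [
    {"id": 1, "household_id": "h1", "amount": -42.10},
    {"id": 2, "household_id": "h2", "amount": -9.99},
    {"id": 3, "household_id": "h1", "amount": 1500.00},
]

if __name__ == "__main__":
    owner = Session("u1", "h1", "owner", totp_enrolled=True)
    viewer = Session("u2", "h1", "viewer")
    print(is_allowed(viewer, "add_transaction", Resource("h1")))   # False
    print(is_allowed(owner, "view_transactions", Resource("h2")))  # False
    print([r["id"] for r in scoped_transactions(owner, SAMPLE_ROWS)])  # [1, 3]
```

The point of the shape is that every decision is made from the server-side session and a fixed matrix: an unknown role, an unknown action, or a resource in another household all fall through to denial without any special-case code.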

Authentication requirements

  • Passwords must be at least 8 characters and are stored only as bcrypt hashes.
  • Sessions expire after 30 days; logout deletes the server-side session record.
  • A successful login or a password change invalidates all other active sessions for that account.
  • Two-factor authentication (TOTP) is available to all users and is required before linking a bank account through Plaid.

Infrastructure access

Production infrastructure access is limited to authorized operators and consists of:

  • SSH access to the application server (key-based authentication only).
  • Database credentials, with the database accepting connections only from an IP allowlist that contains the application server.
  • GitHub repository access for code deployment.
  • Plaid Dashboard access for integration management.

All operator accounts on these systems require multi-factor authentication.

De-provisioning

When an operator or household member should no longer have access:

  • Household members: removed by the household Owner in Settings; the member's sessions and membership records are deleted.
  • Operators: SSH keys removed, cloud and GitHub access revoked, and any shared secrets the operator could have known rotated within 24 hours of role termination or transfer.
  • Pending invites: revoked by the Owner; unredeemed invite tokens expire after 7 days.

Access reviews

Authorized operators review infrastructure access (server, database, GitHub, Plaid Dashboard) at least quarterly and remove any access that is no longer needed. Application audit logs in Settings are reviewed for unusual sign-in, bank-linking, or export activity. Findings are remediated promptly.

Contact

Access questions or requests: support@myfamilybudget.net. See also our Security Policy.