Information Security Policy
Last updated: June 22, 2026
This Information Security Policy (ISP) describes how My Family Budget protects data at https://myfamilybudget.net. It applies to the application, production infrastructure, and operator access to systems that store or process user data.
Scope
Covers the web application, PostgreSQL database, application server, Plaid bank integration, optional OpenAI assistant, and administrative access used to operate the service.
Security principles
- Defense in depth: transport encryption, authentication, authorization, and audit logging.
- Least privilege: role-based access within households; server credentials not exposed to users.
- Data minimization: Plaid Transactions product only; no unnecessary PII sent to third parties.
- Zero-trust orientation: every API request and server action requires a valid session; data scoped by household.
Technical controls
- HTTPS (TLS) on all public endpoints via Let's Encrypt.
- bcrypt password hashing; session tokens stored as SHA-256 hashes only.
- Optional TOTP two-factor authentication; required before Plaid bank linking.
- AES-256-GCM encryption for Plaid access tokens and invite tokens at rest.
- Household data isolation enforced in all server-side queries.
- Rate limiting on authentication, Plaid, and export endpoints.
- Content Security Policy aligned with Plaid Link requirements.
- Parameterized SQL via Drizzle ORM; React output escaping (no dangerouslySetInnerHTML).
- Database connections require TLS (sslmode=require).
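Two of the at-rest controls listed above, session tokens stored only as SHA-256 hashes and Plaid access tokens encrypted with AES-256-GCM, are illustrated below. This is an added example rather than My Family Budget's own code; the in-memory session store, the record layout (iv.tag.ciphertext) and the origin of the 32-byte key are assumptions.

```typescript
// Added illustration, not the project's code. Shows why a leaked sessions
// table or token column yields nothing usable: sessions are stored as
// sha256(token), Plaid access tokens as AES-256-GCM records.
import { createHash, randomBytes, createCipheriv, createDecipheriv } from "crypto";

// Stand-in for the sessions table (assumed shape): sha256(token) -> userId.
const sessionStore = new Map<string, string>();

export function sha256Hex(token: string): string {
  return createHash("sha256").update(token).digest("hex");
}

// Issue a session: the raw token goes to the client cookie; only its hash is stored.
export function issueSession(userId: string): string {
  const token = randomBytes(32).toString("base64url");
  sessionStore.set(sha256Hex(token), userId);
  return token;
}

// Resolve a presented token by hashing it the same way.
export function resolveSession(token: string): string | undefined {
  return sessionStore.get(sha256Hex(token));
}

// AES-256-GCM with a fresh 96-bit IV per record; the auth tag is kept so that
// any modification of the stored record fails on decrypt. Key is assumed to be
// a 32-byte secret loaded from the environment, never from source control.
export function encryptToken(plaintext: string, key: Buffer): string {
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString("base64url")).join(".");
}

export function decryptToken(record: string, key: Buffer): string {
  const parts = record.split(".").map((s) => Buffer.from(s, "base64url"));
  if (parts.length !== 3) throw new Error("malformed token record");
  const [iv, tag, ct] = parts as [Buffer, Buffer, Buffer];
  const decipher = createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  // final() throws if iv, tag or ciphertext were tampered with.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}
```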
Administrative access
Operators with access to production systems must:
- Use multi-factor authentication on DigitalOcean, GitHub, Plaid Dashboard, and email accounts.
- Use SSH key authentication for server access (no shared passwords).
- Restrict database access via provider trusted-source IP allowlists.
- Store secrets in environment files — never in source control.
- Revoke access immediately when an operator leaves or changes role (see Access Control Policy).
Software maintenance
Dependencies are managed with npm and a lockfile. Security reviews use npm run security:audit. Updates are tested on staging before production deployment. End-of-life or unsupported runtime versions are upgraded as part of regular maintenance.
Incident response
Suspected security incidents are investigated promptly. Affected credentials are rotated, sessions invalidated where appropriate, and users notified if their data was impacted. Report concerns to support@myfamilybudget.net.
