Trust is the entire business
Security & Privacy
This product asks founders to show it their money. We built trust as a feature set first; here's exactly how.
The five promises
No bank logins, ever
We never ask for or store bank credentials. Business data is read-only from Stripe via OAuth; everything personal is entered by you.
We never sell data
No ads, no data brokerage. Our business model is subscriptions, not your data.
Transparent score
No black box. Every component of your Wealth Score is visible and explained.
Numbers that tie out
Metrics reconcile to Stripe to the cent; reconciliation is a first-class feature.
You own & can delete
One-click export and permanent deletion of all your data, on demand.
Security controls
- ✓ Encryption in transit (TLS) and at rest; secrets in a managed vault; Stripe tokens stored encrypted and scoped read-only.
- ✓ Row-Level Security enforcing per-user isolation on every table; least-privilege service keys.
- ✓ Audit logging on data access; rate limiting; CSRF/XSS hardening; dependency scanning.
- ✓ Responsible-disclosure process and a public security contact.
- ✓ SOC 2 readiness posture from day one; controls documented even before formal audit.
- ✓ Minimal data retention; no storage of raw card data (Stripe handles PCI scope).
Responsible disclosure
Found a vulnerability? Email security@zortia.com. We respond to all reports and credit good-faith researchers.