Security at Saielo

Built privacy-first · Encryption end-to-end · No bank data, ever

Saielo handles information about your financial future. We treat that responsibility seriously. This page explains how Saielo is built to protect your data — including from us.

End-to-end encrypted plan

AES-GCM encryption on-device. Saielo's servers store opaque blobs we cannot decrypt.

No bank linking

No Plaid. No screen-scraping. No bank credentials of any kind. Permanent design choice.

EU-region data

Encrypted blobs stored in Frankfurt under GDPR. Strongest data protection regime applies regardless of your location.

Sign in with Apple

Saielo never sees your Apple ID password. Biometric authentication on-device.

Hard-deletion in 30 days

Account deletion request triggers permanent removal of all your data. We do not maintain hidden backups.

No ads, no data sales

Saielo's revenue model is paid subscriptions. Your financial life is not the product.

How encryption works (in detail)

When you first launch Saielo and sign in, your device generates a Data Encryption Key (DEK) using a cryptographically secure random source. The DEK never leaves your device in plaintext.

Your plan — the answers from onboarding, the projections, the check-in history — is encrypted with the DEK using AES-GCM (Galois/Counter Mode), the standard authenticated encryption algorithm used by major banks and government systems.

The DEK itself is wrapped (encrypted) with a Key Encryption Key (KEK) derived from your account credentials. The wrapped DEK is stored on our servers alongside your encrypted plan. The KEK never leaves your device.

To read your plan, our servers must give your device both the encrypted plan and the wrapped DEK. Your device unwraps the DEK using your KEK, then decrypts the plan. Saielo's servers never possess the keys needed to decrypt anything.
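
The flow described above, sketched in Node.js as an added example (this is not Saielo's code). Assumptions: the KEK is passed in as 32 bytes because this page does not say how it is derived from account credentials, the DEK is wrapped with AES-256-GCM because the wrapping algorithm is not named, and all function and field names are illustrative.

```javascript
// Works whether this file is loaded as CommonJS or as an ES module.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');

// AES-256-GCM seal. Output layout: nonce (12 B) || ciphertext || tag (16 B).
// `role` is authenticated but not encrypted, so a blob cannot be replayed
// in the other slot (wrapped DEK vs. plan).
function seal(key, plaintext, role) {
  const nonce = nodeCrypto.randomBytes(12); // fresh per encryption; never reuse with a key
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(Buffer.from(role));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]);
}

// Reverse of seal. Throws if the key, the role, or any byte of the blob is wrong.
function open(key, blob, role) {
  if (blob.length < 28) throw new Error('blob too short');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(role));
  d.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
}

// Device, first launch: generate the DEK, encrypt the plan with it, wrap it
// under the KEK. The returned record is all the server ever stores.
function encryptPlan(kek, planJson) {
  const dek = nodeCrypto.randomBytes(32); // CSPRNG-generated 256-bit DEK
  return {
    wrappedDek: seal(kek, dek, 'dek'),
    encryptedPlan: seal(dek, Buffer.from(planJson, 'utf8'), 'plan'),
  };
}

// Device, later: unwrap the DEK with the KEK, then decrypt the plan.
function decryptPlan(kek, record) {
  const dek = open(kek, record.wrappedDek, 'dek');
  return open(dek, record.encryptedPlan, 'plan').toString('utf8');
}

// True when decryption is refused (wrong KEK or a modified blob).
function isRejected(kek, record) {
  try { decryptPlan(kek, record); return false; } catch { return true; }
}

// Constructed sample: random bytes stand in for the credential-derived KEK.
const demoKek = nodeCrypto.randomBytes(32);
const demoRecord = encryptPlan(demoKek, '{"retireAt":65}');
console.log(decryptPlan(demoKek, demoRecord), isRejected(nodeCrypto.randomBytes(32), demoRecord));
```

Because GCM is authenticated, a holder of the stored record who lacks the KEK can neither read the plan nor alter a blob without the device refusing it on the next read.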

What this protects against

What this does not protect against

Honest disclosure: encryption is one layer of defense. It does not protect against:

Reporting a security issue

If you discover a security vulnerability, please email security@saielo.com. We will respond within 48 hours. Responsible disclosure is appreciated and will be acknowledged publicly with permission.

We do not currently run a paid bug bounty program. We may add one as the user base grows.

Audits and certifications

Saielo is a young product. We have not yet undergone formal security audits (SOC 2, ISO 27001, etc.) — these are typically pursued at scale. As we grow, we will pursue them.

What we have today: a deliberate architecture, the use of standard cryptographic primitives, no shortcuts on user data protection, and a public commitment to keep it that way.

Security questions

Talk to us

If you're a security researcher, a privacy advocate, or just curious about how Saielo handles your data — we'd genuinely like to hear from you.

security@saielo.com