🔒 Security & Trust

Your financial data is safe here.

PowerPay is built on institutional-grade infrastructure. We never see your bank password, never store your credentials, and never sell your data — and we tell you exactly how we make money.

93/100 Coalition Cyber Health Rating (Great)
0 critical security findings detected (verified May 2026)
0 data leaks or breaches found (all clear)

✓ Read-only bank access

PowerPay connects via Plaid and can only read your balances and transactions. We cannot move money, initiate payments, or modify your accounts in any way.

✓ We never see your bank password

You authenticate directly with your bank through Plaid's secure interface. Your credentials are never transmitted to or stored by PowerPay.

✓ No credit decisions. No hard pulls.

PowerPay does not access your credit report, does not report to credit bureaus, and has no impact on your credit score.

✓ No lending. No financing.

PowerPay is a monitoring and alert tool only. We are not a lender, broker, or financial advisor.

✗ We do not sell your data

Your account information is never sold, rented, or shared with third parties for advertising or targeting purposes. Full stop.

💰 Two revenue streams. Both disclosed.

We believe transparency about monetization is a trust signal, not a liability.

1. Subscriptions

Lite ($3.99/mo) and Pro ($7.99/mo) plans. This is our primary revenue. No ads, no data selling, no surprises. A 14-day free trial is included on all paid plans — no credit card required to start.

2. Contextual affiliate recommendations

Occasionally PowerPay surfaces financial products — a credit card with better rewards for your spending pattern, a credit monitoring service, or a balance transfer offer that could save you money. If you apply and are approved, PowerPay receives a referral fee from the partner. These recommendations are always clearly labeled.

✓ What this means

✓ Recommendations matched to your actual account profile
✓ Every offer is clearly labeled as a recommendation
✓ You are never required to engage with any offer
✓ Matching happens inside PowerPay — not outside it

✗ What this does not mean

✗ We do not sell your data to partners
✗ Partners cannot target you directly
✗ Your financial data never leaves PowerPay
✗ Affiliate revenue does not influence our alerts or advice

The key distinction: Your data never leaves PowerPay. When we surface a relevant offer, the match is made internally using your profile. The partner receives a referral signal — not your financial information. This is fundamentally different from selling data.

🔒 AES-256 encryption

All data encrypted at rest and in transit — the same standard used by major financial institutions and government agencies worldwide.

🛡️ Row-level security

Every database query is scoped to your account. It is architecturally impossible for one user to access another user's data.

๐Ÿ‘๏ธ
No credential storage
Bank login credentials are never transmitted to PowerPay servers. Plaid handles all bank authentication directly in their secure environment.
โ˜๏ธ
SOC 2 infrastructure
Hosted on Supabase and Cloudflare โ€” both SOC 2 Type II certified infrastructure providers. Your data never lives on unmanaged servers.
📱 Read-only API access

Plaid's API connection is read-only by design. PowerPay can never initiate transactions, transfers, or any changes to your bank accounts.

Independent verification

Scored 93/100 by Coalition's independent cyber risk assessment — 0 critical findings, 0 data leaks, 0 malware detected as of May 2026.

Plaid Bank connectivity

Read-only access to your bank accounts. Plaid powers Venmo, Robinhood, and thousands of financial apps. Your credentials never leave Plaid's secure environment.

Stripe Payments

All subscription billing handled by Stripe — PCI DSS Level 1 certified. PowerPay never stores your payment card information.

Cloudflare Security & CDN

Enterprise-grade DDoS protection, WAF, and SSL/TLS on every request. PowerPay traffic secured by Cloudflare's global network.

Twilio SMS alerts

Statement-close SMS alerts delivered via Twilio — a Fortune 500 communications platform. A2P 10DLC compliant. Reply STOP anytime to opt out.

Supabase Database

PostgreSQL database with row-level security and SOC 2 Type II certified infrastructure. Automated backups. Your data on managed, audited servers only.

Coalition Cyber verified

Independent cyber risk assessment by Coalition — a leading cyber insurance provider. Scored 93/100 with zero critical findings. May 2026.

Questions about security or privacy?

We respond to all security inquiries within 24 hours.

✉️ [email protected]