Built to protect
Your data is safe with us
Security is a core part of how Moni Budget is built, not an afterthought. Here's what we do to protect your data.
Password hashing
Passwords are hashed with bcrypt before storage. We never store plain-text credentials.
Two-factor authentication
Protect your account with TOTP-based 2FA using any authenticator app (Google Authenticator, Authy, etc.).
Encrypted connections
All traffic is served over HTTPS with TLS. Data in transit is always encrypted.
No data selling
Your financial data is never sold to third parties.
Our security practices
Session management. Sessions are signed with a secret key and expire after a configurable inactivity period. Session tokens are stored as httpOnly cookies to prevent client-side JavaScript access.
Authentication flow. Moni Budget uses NextAuth v5 with a credentials provider. The two-phase login (password → TOTP) ensures that stolen passwords alone are not enough to access an account with 2FA enabled.
Data isolation. Every query is scoped to the authenticated user's ID. It is not possible to read or modify another user's data through the API.
Data portability. Export your full transaction history to CSV at any time. Your data stays yours — no lock-in, no surprises if you decide to leave.
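The second phase of the login described under "Authentication flow", as an added example that is not Moni Budget's own code: an RFC 6238 TOTP check written with Node's built-in crypto module. The function names, the `totpSecret` field, the one-step drift window, and `passwordOk` (standing for the result of the bcrypt comparison done in phase one) are assumptions.

```javascript
const crypto = require("node:crypto");
const B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

// Decode the base32 secret shared with the authenticator app at enrolment.
function base32Decode(s) {
  let bits = 0, value = 0;
  const out = [];
  for (const ch of s.replace(/=+$/, "").toUpperCase()) {
    const idx = B32.indexOf(ch);
    if (idx < 0) throw new Error("invalid base32 character");
    value = ((value << 5) | idx) & 0xfff; // keep only the bits still pending
    bits += 5;
    if (bits >= 8) { bits -= 8; out.push((value >>> bits) & 0xff); }
  }
  return Buffer.from(out);
}

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation.
function hotp(key, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac("sha1", key).update(msg).digest();
  const off = mac[19] & 0x0f;
  const bin = mac.readUInt32BE(off) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, "0");
}

// RFC 6238: the counter is the 30 s time step. Assumed policy: accept the
// current step plus one step either side to tolerate clock drift.
function verifyTotp(secretB32, code, nowMs = Date.now(), window = 1) {
  if (typeof code !== "string" || !/^\d{6}$/.test(code)) return false;
  const key = base32Decode(secretB32);
  const step = Math.floor(nowMs / 1000 / 30);
  let ok = false;
  for (let i = -window; i <= window; i++) {
    if (step + i < 0) continue;
    const expected = Buffer.from(hotp(key, step + i));
    // Constant-time compare, and no early exit on a match.
    if (crypto.timingSafeEqual(expected, Buffer.from(code))) ok = true;
  }
  return ok;
}

// A correct password alone never yields a session when 2FA is enabled.
function loginDecision(user, passwordOk, code, nowMs) {
  if (!passwordOk) return "denied";
  if (!user.totpSecret) return "session";
  if (code == null) return "totp-required";
  return verifyTotp(user.totpSecret, code, nowMs) ? "session" : "denied";
}
```

A production check would also record the last accepted time step per user and reject a code from the same or an earlier step, so a captured code cannot be replayed inside the drift window.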