Quantro

Security

How we keep your data safe.

Quantro holds detailed personal financial data: balances, property values, income, pension pots. The honest summary of how we protect it is below. If anything is unclear, email support@quantro.one.

Encryption

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256, managed by Supabase) on Quantro’s primary database. Backups are encrypted with the same scheme.

On top of that, the most sensitive credentials get a second layer of encryption inside the database itself, using AES-256-GCM with a key Quantro holds outside the database:

  • Bank-linking access tokens (Plaid)
  • Brokerage API keys (e.g. Trading 212)

That means even an attacker who managed to read raw rows wouldn’t be able to use your bank or broker connection.
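
How a second layer of this kind can work, shown as an added example that is not Quantro’s own code: Node.js AES-256-GCM with the key held by the application rather than the database. The function names, the stored `v1.iv.ciphertext.tag` format and the AAD string that binds a value to its row are all assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Assumption: in production the 32-byte key is loaded from a secret store
// outside the database. A random key is generated here so the example runs offline.
const KEY = nodeCrypto.randomBytes(32);
const b64 = (buf) => buf.toString("base64url");

// Encrypt a credential. `aad` (hypothetical "table:column:userId") is not stored
// in the ciphertext but is authenticated, tying the value to one row.
function sealToken(plaintext, aad, key = KEY) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(aad, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return ["v1", b64(iv), b64(ct), b64(cipher.getAuthTag())].join(".");
}

// Decrypt a stored value. Throws if the key, the AAD or any stored byte is wrong.
function openToken(stored, aad, key = KEY) {
  const [version, ivPart, ctPart, tagPart] = stored.split(".");
  if (version !== "v1" || !ivPart || !tagPart) throw new Error("unsupported format");
  const iv = Buffer.from(ivPart, "base64url");
  const tag = Buffer.from(tagPart, "base64url");
  // Reject short tags explicitly so a truncated tag is never accepted.
  if (iv.length !== 12 || tag.length !== 16) throw new Error("bad iv or tag length");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(aad, "utf8"));
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(Buffer.from(ctPart, "base64url")), decipher.final()]);
  return pt.toString("utf8");
}

// Convenience wrapper: null instead of an exception when authentication fails.
function tryOpen(stored, aad, key = KEY) {
  try {
    return openToken(stored, aad, key);
  } catch {
    return null;
  }
}
```

Someone holding only the stored string has neither the key nor a way to alter the value or copy it into another user’s row without decryption failing.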

Database isolation

Every table that holds your data has Postgres row-level security enabled, with policies that only let a user read or write rows they own. Even if a bug let one user’s session query another user’s row, the database refuses.

Subscription state (Premium tier, billing status, Stripe IDs) can only be written by the verified Stripe webhook, enforced at the database level. Users can’t self-promote to Premium by tampering with the client.

Authentication

Sign-in is handled by Supabase Auth. Passwords are hashed with bcrypt, and sessions are HTTP-only cookies that JavaScript can’t read. Email verification is required before you can sign in.

Google sign-in is available via standard OAuth 2.0; Quantro never sees your Google password.

Bank and broker linking

Quantro never asks for, receives, or stores your bank password.

Banks are linked through Plaid Open Banking, which is the same infrastructure trusted by Monzo, Klarna and Revolut. Plaid handles the bank login on its own infrastructure and returns a read-only token to Quantro. The token can read balances and transactions; it cannot move money.

Brokerages use the broker’s own read-only API key, which you generate inside their app and paste into Quantro. We can read positions and balances; we cannot place trades or transfer funds.

Payments

All card data goes directly to Stripe Checkout. Quantro never sees your card number, CVC, or expiry. Subscription updates flow back via signed webhooks; we verify Stripe’s signature on every payload before trusting it.

Browser hardening

Every page Quantro serves carries a strict Content Security Policy, HSTS, X-Frame-Options DENY, X-Content-Type-Options nosniff, and a Permissions-Policy that disables camera, microphone, geolocation and payment APIs by default. Quantro can’t be embedded in an iframe to be clickjacked.

What Quantro is not

We are not a regulated financial adviser, bank, or money-handling service. We don’t hold any of your money. Every figure is illustrative and final decisions are yours.

We do not sell, share, or rent your data. We do not run third-party analytics or advertising trackers in the app.

Reporting a vulnerability

If you find a security issue, please email support@quantro.one rather than posting it publicly. We’ll respond within two working days, fix verified issues quickly, and credit you on this page if you’d like.
