
Security

Last updated: April 5, 2026

At Shekl, safeguarding your financial data is our highest priority. We implement multiple layers of security across infrastructure, application, and operational practices to ensure your data remains protected at all times.

1. Data Encryption

All data is encrypted both in transit and at rest. Stored data is encrypted with AES-256, and every network connection uses TLS 1.3. In addition, API requests between the frontend and backend are encrypted at the application layer with AES-256-CBC under keys that are managed on the server.

2. Authentication & Access Control

  • Secure Authentication: Passwords are hashed using industry-standard algorithms. We support OAuth 2.0 via Google for convenient and secure sign-in.
  • Session Management: Sessions use HttpOnly cookies that client-side JavaScript cannot read, so a cross-site scripting bug cannot be used to steal the session token.
  • Role-Based Access: Team members are granted permissions based on their role within your organization. Data is strictly isolated between companies.

3. Infrastructure Security

  • Cloud Hosting: Our infrastructure runs on enterprise-grade cloud providers with SOC 2 Type II certification.
  • Network Isolation: Application components are deployed in isolated network segments with strict firewall rules.
  • Automated Backups: Database backups are performed automatically and encrypted, ensuring data durability and recovery capabilities.

4. Financial Data Handling

We treat financial data with the highest level of care:

  • Read-Only Connections: Bank integrations via Plaid use read-only access tokens — Shekl can never initiate transactions on your behalf.
  • Data Isolation: Each company's data is logically isolated. Team members in one company cannot access another company's data.
  • Minimal Data Sharing: When using AI classification, only non-personally-identifiable transaction metadata (descriptions, amounts) is sent to AI providers. Your data is never used to train third-party models.

5. AI & Third-Party Processing

Our AI-powered classification and forecasting features are designed with privacy in mind. Transaction data sent to AI providers is stripped of personally identifiable information. All third-party providers are bound by data processing agreements that prohibit data retention or model training on your data.

6. Application Security

  • Input Validation: All user inputs are validated and sanitized to prevent injection attacks.
  • CSRF Protection: Cross-site request forgery protections are enforced on all state-changing operations.
  • Dependency Management: We regularly audit and update dependencies to address known vulnerabilities.

7. Incident Response

We maintain an incident response plan that includes immediate containment, root cause analysis, and transparent communication. In the unlikely event of a security incident affecting your data, we will notify affected users promptly in accordance with applicable regulations.

8. Contact

If you discover a security vulnerability or have concerns about our security practices, please contact us at sheklbalcend@gmail.com. We take all reports seriously and will respond promptly.