Every security page lists the same things. Encryption at rest. Encryption in transit. SOC 2 Type II. We have all of them. It's a floor, not a wall.
The question worth asking any service that holds your financial data is simpler. What is the company incentivized to do with it?
Kubera sells software. That's the whole business. We don't sell financial products. We don't run ads. We don't have a sales team working through accounts to decide who to call next. Nobody here is paid to open your portfolio and decide what to pitch. That isn't a policy we wrote. It's the structure of the company.
The free net worth trackers are built the other way. Empower (Personal Capital) is the best-known. It's free because you are the lead. Humans on their team read through what you've connected, and when your assets cross a threshold, you get a call selling an advisory service that charges roughly 1% a year, forever.
That's the surface area worth worrying about. Encryption keys are hard to steal. Humans paid to read your balance sheet don't have to steal anything. They just open the file.
At Kubera, nobody has a reason to look. That is the design.
Your banking credentials. Your crypto private keys. The ability to move your money.
Kubera connects to your accounts through a network of financial aggregators: Plaid, Mastercard, MX, Yodlee, Akoya, SnapTrade, Lean, Akahu and Salt Edge.
For institutions without Open Banking APIs, you enter your credentials on the aggregator's secure screen. Our servers never see them. For institutions with Open Banking, credentials go straight to the bank's OAuth page. For API-key connections, we ask for read-only access. For crypto wallets, we only need the public address.
The aggregators return a read-only feed. We cannot initiate transactions. Nothing in the architecture lets us.
Yes. At rest and in transit. Not end-to-end.
End-to-end encryption means the service holding your data can't read it, because only you have the keys. It's the right model for a password manager. It's the wrong model for Kubera, because almost everything Kubera does requires the server to compute on your data. Background syncing. Recap. Fast Forward. Beneficiary transfer. Club Benchmarks. All of those need the data readable on the server side.
Your data on Kubera is encrypted at rest on AWS and encrypted in transit over HTTPS with HSTS enforced. A stolen backup is unreadable without the keys. Traffic between your browser and our servers is unreadable in flight.
If your use case requires end-to-end encryption, don't use Kubera. Use 1Password.
Your banking credentials are not there. We do not store them.
Your data is encrypted at rest. A stolen backup is useless without the decryption keys.
Traffic uses HTTPS with HSTS, so browsers refuse non-secure connections. Someone intercepting traffic gets nothing readable.
Yes, under specific conditions.
Support staff see data when required for debugging. Personally identifiable information is masked in our internal tools by default. Database administrators technically hold the decryption keys, but their employment contracts make unauthorized access a terminable and prosecutable act.
When someone on the team needs to unmask data for maintenance or debugging, the session requires an approved reason, logs the activity, and generates an audit trail the compliance team reviews. Admin accounts are protected by 2FA.
The short version: a small number of people at Kubera can look at your data. They have to explain why. The system records the session. If they misuse it, they are fired and prosecuted.
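The gated-unmask flow described above, as an added example that is not Kubera's code: a minimal masking layer where the default view masks every field, and unmasking requires a 2FA-verified admin session plus an approved reason and appends an audit record. The class and field names, the reason allow-list and the sample record are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed allow-list: the reasons the page names for unmasking.
APPROVED_REASONS = {"debugging", "maintenance"}


@dataclass
class AuditEvent:
    actor: str        # who opened the session
    reason: str       # the approved reason they gave
    record_id: str    # which record was unmasked
    fields: tuple     # which fields became readable
    at: str           # UTC timestamp, for the compliance review


class MaskedStore:
    """Hypothetical internal-tool view over customer records."""

    def __init__(self, records):
        self._records = records
        self.audit_log = []  # append-only; reviewed by compliance

    @staticmethod
    def mask(value):
        # Keep only the last four characters so staff can still
        # identify a record without reading the full value.
        s = str(value)
        if len(s) <= 4:
            return "*" * len(s)
        return "*" * (len(s) - 4) + s[-4:]

    def view(self, record_id):
        """Default path: PII masked, no reason required, nothing logged."""
        return {k: self.mask(v) for k, v in self._records[record_id].items()}

    def unmask(self, record_id, actor, reason, mfa_verified):
        """Break-glass path: 2FA session, approved reason, audit record."""
        if not mfa_verified:
            raise PermissionError("admin session requires 2FA")
        if reason not in APPROVED_REASONS:
            raise PermissionError(f"reason not approved: {reason!r}")
        rec = self._records[record_id]
        self.audit_log.append(AuditEvent(
            actor, reason, record_id, tuple(rec),
            datetime.now(timezone.utc).isoformat()))
        return dict(rec)
```

Denied attempts raise before anything is returned, so the audit log records only sessions that actually exposed data; logging refusals as well is a reasonable extension.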
Do not store passwords, credit card numbers, or crypto private keys. Not even in the document vault for beneficiary transfer.
That is what password managers are for. Use 1Password.
Kubera is for what you own and owe. Not for the keys that control it.
If you signed up with Google and your Google account has 2FA, you are done.
If you use a Kubera username and password, turn on 2FA in Settings > Security. We support TOTP authenticators: Authy, 1Password, Google Authenticator, Microsoft Authenticator.
Someone with your password but not your phone gets nothing.
Yes.
Deletion removes your data from our primary database immediately and signals our aggregators to disconnect your accounts and purge their copy.
Backups rotate on a 30-day cycle. Your data is gone from those within the cycle.
Kubera maintains a SOC 2 Type II report covering the systems behind Kubera for Business and our white-label platform. We share the report and related documentation with eligible business customers and partners under confidentiality.
Our privacy program is designed around GDPR and UK GDPR. See the Privacy Policy for details.
If you find a security issue, email hello@kubera.com. Details on our Vulnerability Disclosure Program.
More questions: hello@kubera.com