Security & trust

You are trusting Hy-Worth with a complete picture of your wealth. That deserves specifics, not slogans — here is exactly how your data is stored, isolated, and encrypted, and what we will never do with it.

Where your data lives

  • Stored in Switzerlandyour data is stored in Switzerland (Zurich) and processed in the EU (Frankfurt), under Swiss data-protection law (FADP) and the GDPR.
  • A Swiss companyHy-Worth is built and operated by Hy-Lev SA, a Swiss company. Your relationship is with a Swiss entity, not an offshore shell.

How your data is isolated

  • Row-level security on every tableevery database table enforces per-user isolation at the database layer itself. Even a bug in the application code cannot read another user's rows — the database refuses.
  • Modern authenticationsign-in uses the PKCE flow with secure, SameSite session cookies. Household sharing is owner-directed and permission-checked on every request.
  • Abuse protectionsensitive endpoints are rate-limited and fail closed — if the limiter is unavailable, destructive actions are refused rather than allowed through.

Encryption, specifically

  • In transitall traffic is encrypted with TLS. There is no unencrypted path to your data.
  • At restthe database and backups are encrypted at rest in the Zurich data centre.
  • Document vault: zero-knowledgefiles in the estate vault and company documents are encrypted in your browser with AES-256-GCM before upload, under keys derived from a passphrase only you know. We store ciphertext only — we cannot read, decrypt, or recover your documents, by design.

What we never do

  • No bank logins requiredHy-Worth is manual-first. You never have to hand over bank credentials to use it.
  • We don't sell your datayour financial data is not sold, rented, or shared for advertising. Our only revenue is your subscription.
  • We never see your cardpayments are handled entirely by Stripe. Card numbers never touch our servers.

Security in practice

  • Auditedthe full security audit of July 2026 found no critical or high-severity vulnerabilities — the per-user isolation boundary held on every table tested.
  • Guarded in CIautomated checks run on every code change, including guards that block deploys if a money-handling path or the isolation conventions regress.
  • Preparedwe maintain an incident-response playbook and GDPR Article 30 processing records — with notification duties under Swiss FADP and GDPR taken seriously, not discovered on the day.

You stay in control

  • Export everythingdownload a complete export of your data from Settings at any time.
  • Delete everythingaccount deletion removes your data, including uploaded documents from storage, with backups purged within 30 days.
  • Your keys, your documentsthe vault passphrase never leaves your device. Lose the passphrase and the recovery kit, and not even we can restore access — that is the guarantee working as intended.

Questions?

Security disclosures, privacy questions, or anything this page should cover — write to privacy@hy-worth.com.

Privacy Policy · Terms of Service