Security & trust
You are trusting Hy-Worth with a complete picture of your wealth. That deserves specifics, not slogans — here is exactly how your data is stored, isolated, and encrypted, and what we will never do with it.
Where your data lives
- Stored in Switzerland — your data is stored in Switzerland (Zurich) and processed in the EU (Frankfurt), under Swiss data-protection law (FADP) and the GDPR.
- A Swiss company — Hy-Worth is built and operated by Hy-Lev SA, a Swiss company. Your relationship is with a Swiss entity, not an offshore shell.
How your data is isolated
- Row-level security on every table — every database table enforces per-user isolation at the database layer itself. Even a bug in the application code cannot read another user's rows — the database refuses.
- Modern authentication — sign-in uses the PKCE flow with secure, SameSite session cookies. Household sharing is owner-directed and permission-checked on every request.
- Abuse protection — sensitive endpoints are rate-limited and fail closed — if the limiter is unavailable, destructive actions are refused rather than allowed through.
Encryption, specifically
- In transit — all traffic is encrypted with TLS. There is no unencrypted path to your data.
- At rest — the database and backups are encrypted at rest in the Zurich data centre.
- Document vault: zero-knowledge — files in the estate vault and company documents are encrypted in your browser with AES-256-GCM before upload, under keys derived from a passphrase only you know. We store ciphertext only — we cannot read, decrypt, or recover your documents, by design.
What we never do
- No bank logins required — Hy-Worth is manual-first. You never have to hand over bank credentials to use it.
- We don't sell your data — your financial data is not sold, rented, or shared for advertising. Our only revenue is your subscription.
- We never see your card — payments are handled entirely by Stripe. Card numbers never touch our servers.
Security in practice
- Audited — the full security audit of July 2026 found no critical or high-severity vulnerabilities — the per-user isolation boundary held on every table tested.
- Guarded in CI — automated checks run on every code change, including guards that block deploys if a money-handling path or the isolation conventions regress.
- Prepared — we maintain an incident-response playbook and GDPR Article 30 processing records — with notification duties under Swiss FADP and GDPR taken seriously, not discovered on the day.
You stay in control
- Export everything — download a complete export of your data from Settings at any time.
- Delete everything — account deletion removes your data, including uploaded documents from storage, with backups purged within 30 days.
- Your keys, your documents — the vault passphrase never leaves your device. Lose the passphrase and the recovery kit, and not even we can restore access — that is the guarantee working as intended.
Questions?
Security disclosures, privacy questions, or anything this page should cover — write to privacy@hy-worth.com.