Security & privacy
Built quiet, built safe.
Tomiko handles sensitive financial data, so security is the first design constraint, not an afterthought. Here is how your money and your data are protected.
Your bank credentials never reach us
When you connect a bank, the login happens entirely inside our licensed open-banking provider. Tomiko only ever receives read-only account and transaction information — never your banking password, and never the ability to move money.
Read-only by design
Tomiko is an account-information tool. It cannot make payments, transfers, or any change to your bank account. The worst case for your money is that a figure is shown incorrectly — never that it moves.
Encrypted and EU-hosted
All traffic runs over HTTPS. Your data is stored encrypted at rest in the European Union, on managed infrastructure. Messages from our banking provider are cryptographically signed and verified before we act on them.
Isolated per person
Every table that holds your data is protected by row-level security in the database. Even inside our own systems, one account's data is structurally unable to surface in another's.
We don't sell or share your data
Tomiko has no advertising, no cross-user benchmarking, and no third-party inference on your transactions. The spending coach runs only against your own data. We do not sell it, and we share it only with the providers needed to run the app.
Telemetry is yours to allow
In our next native release, crash and performance reporting stays off until you turn it on, and signing out clears it. On the build you may be using today, there is one residual path — an unhandled-error route inside the underlying Firebase SDK can still send a crash record before sanitization, regardless of the toggle. We are closing that with the upcoming native build.
You can leave with your data
Export your product data, or delete your account at any time. Categorization-related audit records may take longer to remove while we ship the final cleanup.