¢ Even Cents

Is Even Cents secure? How your data is encrypted

Short answer: your financial data in Even Cents is encrypted at rest under a key derived from your password, which means the people who run Even Cents cannot read it. Not in the database, not in the backups. Here’s the longer answer, because trust should come from understanding how something works, not from a badge.

What “encrypted at rest” actually means here

A lot of services say “encrypted at rest” and mean the disk is encrypted — which protects against someone stealing the physical drive, but does nothing if the operator (or anyone who compromises the operator) can simply read the database. The data is plainly visible to whoever holds the keys, and that’s the company.

Even Cents works differently. When you sign up, a unique random key is generated just for your account. Everything sensitive you enter — amounts, payees, notes — is encrypted with that key before it’s written to the database. The database only ever sees ciphertext.

The key is derived from your password

The piece that makes this meaningful: your account’s key is itself locked with a key derived from your password using a slow, deliberately expensive hashing function (Argon2). Your password never reaches our database in a usable form, and the key that decrypts your data only exists, in the clear, for the duration of your session after you log in.

The practical consequence: we can’t read your data, because we don’t have the key. An employee querying the database sees gibberish. A breach of our backups exposes gibberish. The only thing that unlocks your data is your password, entered by you.

The honest trade-off

This is the part other apps gloss over, and we won’t. A key only you hold means a key only you can lose.

If you forget your password, you can still get back in with the one-time recovery code shown when you sign up — it’s a second key to the same lock, which is why you should store it somewhere safe. But if you lose both your password and your recovery code, your data is genuinely unrecoverable. We can’t reset it for you, because “resetting” it would require us to have had access all along — which is exactly the access we designed away.

That’s not a limitation we’re embarrassed by. It’s the cost of a guarantee that’s actually worth something: nobody but you can read your money.
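The scheme described above (a random account key, locked once under the password and once under the recovery code), sketched as an added example; this is not Even Cents' code. It assumes AES-256-GCM as the cipher, uses scrypt as a stand-in for Argon2 because Node's built-in crypto module provides it, and every function and field name is hypothetical.

```javascript
// Added illustration, not Even Cents' code. Assumed: AES-256-GCM, and scrypt
// standing in for Argon2. All names and sample values are constructed.
const nodeCrypto = require('node:crypto');

// Slow, memory-hard derivation of a key-encryption key from a secret.
function deriveKek(secret, salt) {
  const opts = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
  return nodeCrypto.scryptSync(secret, salt, 32, opts);
}

// Authenticated encryption; output layout is iv(12) | tag(16) | ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}

// Lock the account key under a secret; only salt + ciphertext are stored.
function wrapKey(accountKey, secret) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, blob: seal(deriveKek(secret, salt), accountKey) };
}
const unwrapKey = (w, secret) => unseal(deriveKek(secret, w.salt), w.blob);

function signUp(password) {
  const accountKey = nodeCrypto.randomBytes(32);                   // unique per account
  const recoveryCode = nodeCrypto.randomBytes(16).toString('hex'); // shown once
  const row = { byPassword: wrapKey(accountKey, password),
                byRecovery: wrapKey(accountKey, recoveryCode), entries: [] };
  return { row, recoveryCode, accountKey }; // accountKey lives only in the session
}

function demo() {
  const { row, recoveryCode, accountKey } = signUp('constructed-password');
  row.entries.push(seal(accountKey, Buffer.from('rent 1200.00')));
  const read = (w, s) => unseal(unwrapKey(w, s), row.entries[0]).toString();
  let wrongRejected = false;
  try { unwrapKey(row.byPassword, 'wrong guess'); } catch { wrongRejected = true; }
  return { viaPassword: read(row.byPassword, 'constructed-password'),
           viaRecovery: read(row.byRecovery, recoveryCode), wrongRejected,
           plaintextInRow: row.entries[0].includes('rent 1200.00') };
}
```

The stored row holds only salts and ciphertext, so with both secrets gone nothing in it can rebuild the account key.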

Sharing, without giving up the guarantee

Household sharing keeps the same promise. When you invite someone, your account key is encrypted to their account — so they can decrypt your data, but the operator still can’t. The trust is between you and the person you invited, never with us.

You can read more about the product on the about page, or just start tracking your paychecks — it’s free.
