Security at inve.money

Your portfolio data is sensitive. We treat its protection as our highest priority.

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Your portfolio information is never stored in plaintext.

We only request read-only permissions to view your holdings. We cannot execute trades, withdraw funds, or modify your broker account in any way.

We never store your broker login credentials. Authentication happens directly with your broker through secure OAuth flows.

Portfolio data is accessed through RBI-regulated Account Aggregator APIs, the same framework used by banks and financial institutions.

We only collect the minimum data needed to provide our analysis. You can delete your account and all associated data at any time.

Have security concerns?

If you have questions about our security practices or want to report a vulnerability, please contact us.