Security & trust

Your money. Locked down.

Your financial data is sensitive. We treat it that way. Enterprise-grade encryption, zero-retention AI, and read-only bank connections. You stay in control of every link.

Get started free

AES-256

Portfolio encrypted

Live

Property · Flat in London4f3a…b21c

ISA · Vanguard FTSE Globald9e7…02af

Pension · NEST workplace7c11…9d4e

Crypto · BTC cold walleta23f…81b6

TLS 1.3 · London · EUVerified

AES-256

Encryption at rest

TLS 1.3

HTTPS everywhere

Zero

AI data retention

Read-only

Bank connections

UK + US

Bank coverage

London

EU data residency

The fundamentals

Four layers between your data and anyone who shouldn't see it.

Everything you put in Aureli is encrypted on disk, encrypted in flight, walled off from the AI, and gated behind cryptographically-signed sessions.

Plaintext

Flat · London£425,000

ISA · Vanguard£87,420

Pension£142,300

Ciphertext

4f3a91d8b21c…

d9e7f410e02af…

7c11a832b9d4e…

01 · At rest

Every record stored encrypted.

Assets, debts, valuations, and bank connection details are written to disk in ciphertext only. Keys are stored separately from the data. A physical breach yields nothing readable.

Your browser

TLS 1.3

https · encrypted in flight

Aureli · London

4f 3a 91 d8 b2 1c 7c 11 a8 32 b9 d4 e9 e7 f4 10 e0 2a f5 8c d2 04 7b 19 33 6a 4e 22 d1 90 02 8f 41 b7 c0

02 · In transit

HTTPS, enforced. No exceptions.

Every byte between your browser and our servers is protected by TLS 1.3. There is no HTTP fallback, no mixed content. The connection is encrypted before a single bit of portfolio data is sent.

What's my biggest exposure right now?

45% of your wealth is in UK property. A flat in London valued at £425,000.

Discarded · no logs, no training

03 · AI chat

Zero data retention. Truly zero.

Aureli's AI runs under a strict zero-retention agreement. Your questions and portfolio context are processed in memory and discarded. Never stored, never logged, never used to train a future model.

Portfolio access

Eleanor

Owner

Marcus

Editor

Sasha

Viewer

04 · Authentication

OAuth in. Role-based once you're here.

Sign in with Google, Apple, or an email magic link. Aureli never stores a password. Sessions are database-backed and cryptographically signed. Sharing is role-based: owners, editors, viewers. Revoke at any time.

Bank connections

We never see your banking password.

UK bank links run through Finexer, an FCA-authorised Open Banking provider. US bank links run through Stripe Financial Connections. You authenticate directly with your bank. Aureli only ever receives read-only balance data, just enough to keep your dashboard current.

Read-only accessNo payments. No transfers. Balances and account info only.
No credentials storedYour bank password never touches our servers.
Disconnect any timeOne click in portfolio settings revokes access immediately.

Aureli Tech Limited (FRN 1056139) · agent of Finexer Ltd (FRN 925695)

You

Authenticate

Your bank

UK or US

Aureli

Read balance only

Read-only access. Disconnect any time.

UK: Finexer · US: Stripe

Infrastructure

The boring layer. Done properly.

We don't run our own data centres. We run on infrastructure that's hardened, monitored, and patched faster than we ever could on our own.

All systems operationalstatus →

Serverless, auto-scaled

Runs on managed serverless infrastructure with automatic scaling and built-in DDoS protection. No idle servers to harden.

London-hosted

Primary database lives in London. Your data stays in Europe. Encryption is enforced at the storage layer.

PII-scrubbed monitoring

Errors and performance are monitored in real time with personal-data scrubbing on, so traces never contain financial detail.

Your data, your control

Take it with you. Or take it away.

You can export everything Aureli holds on you, or delete your account entirely. Both live in your account settings. No questions, no email loop.

Export

Download everything

One click pulls a JSON archive of every asset, debt, valuation, and connection on your account. No support ticket. No waiting period.

Export account data

Delete

Wipe your account

Your personal data and portfolio information are permanently removed within 30 days, per our privacy policy.

Delete account permanently

Responsible disclosure

Found something? Tell us. We'll respond.

All vulnerability reports go to a monitored inbox. Reach out and we will get back to you.

security@aureli.app