You trust us with
your most sensitive data.
We hold that seriously. This page explains exactly how your data is protected — not in policy language, but in plain terms.
"We never sell. Not your data.
Not our values. Not the company you trust."
Vithropic founding commitment
Four practices.
No exceptions.
Encryption everywhere
All data stored in Vithropic — your transactions, health metrics, briefing history, and account details — is encrypted at rest using AES-256 encryption. All data in transit between your device and our systems uses TLS 1.3. No data moves in plaintext. Ever.
Secrets management
API credentials, connection strings, and service keys are never stored in code or configuration files. All secrets live in a dedicated, access-controlled vault with full audit logging — every access is recorded, timestamped, and reviewed. Our application services authenticate using short-lived identity tokens rather than stored passwords, which means there are no long-lived credentials that can be stolen.
Principle of least privilege
Every service in Vithropic's infrastructure has access only to what it needs to do its specific job — nothing more. The agent that processes your transactions cannot access your health data. The service that generates your briefing cannot modify your account settings. Access boundaries are enforced at the infrastructure level, not just in application code.
Continuous security testing
Quarterly automated vulnerability scans run continuously against all Vithropic systems. Full external penetration tests are conducted by independent third-party security firms twice per year — using the same techniques real attackers use, applied systematically. An annual comprehensive red team exercise goes deeper still. Findings are classified by severity and remediated on strict timelines — critical issues within 24 hours, high severity within 7 days. Results are published in our annual transparency report. Security is not a launch checklist. It is an ongoing practice.
You own your data.
We mean that literally.
These are not aspirational statements. They are specific things you can do at any time, from your account settings.
Export everything
Request a complete export of all your data — transactions, health metrics, briefing history, check-in responses — in standard formats. One click. Delivered to your registered email address.
Delete everything
Request full account deletion. All your personal data is removed within 30 days. Your financial account connections are severed immediately. You receive confirmation when deletion is complete.
See what we hold
View a complete inventory of what data Vithropic holds about you — every category, how it's used, when it was last updated. No surprises.
Disconnect at any time
Revoke any financial account connection at any time. The data collected up to that point remains in your account until you delete it. New data stops immediately.
Any anonymized data already contributed to aggregate benchmarks — the statistical patterns used to show how similar profiles compare — cannot be individually extracted after the fact. It was anonymized before contribution and is no longer distinguishable as your data within the statistical population. All personally identifying information is deleted completely. This is disclosed because you deserve to know it, not because it reduces our commitment to your privacy.
How peer benchmarks work.
And what they never contain.
What gets aggregated
- Anonymized behavioral patterns — spending categories, savings rates, sleep averages
- Outcome data — what configurations produce better financial and health results over time
- Cohort statistics — ranges and distributions for similar age, income, and family structure profiles
What is never aggregated
- Your name, email, or any identifying information
- Your exact account balances or transaction amounts
- Your specific health metrics or biomarker values
- Any data that could identify you within a statistical population
The protection built in
Cohort benchmarks are only published when a minimum of 50 similar profiles contribute to the statistical pool. Below that threshold, no benchmark is shown — because below that threshold, individual reverse-identification becomes theoretically possible. We treat that boundary as a hard limit, not a guideline.
We read your accounts.
We cannot touch your money.
Financial account integration is handled through bank-grade aggregation infrastructure used by millions of applications and trusted by the largest financial institutions in the country.
Read-only access
Vithropic connects to your financial accounts with read-only permission. We can see transaction history and balances. We cannot initiate transfers, make payments, or move money in any direction.
Your credentials stay with your bank
You authenticate directly with your financial institution. Vithropic never sees your banking username or password. The connection uses a secure token that your bank issues and controls.
Revoke at any time
Each account connection can be revoked independently, at any time, from your account settings or directly through your bank. Revoking a connection severs data access immediately.
Where we are.
Where we're going.
Security is not a destination. We publish our roadmap because transparency about what isn't done yet is part of doing it honestly.
AES-256 encryption, TLS 1.3, secrets vault, RBAC, MFA on all admin accounts, read-only financial connections
Security review of all API endpoints, input validation hardening, rate limiting across all public surfaces
First third-party penetration test commissioned and completed. Results reviewed and addressed.
SOC 2 Type II audit process begins. Annual transparency report published including pen test findings.
Dedicated security role hired. Bug bounty program launched. Continuous security monitoring in place.
Found something? Tell us.
If you believe you've found a security vulnerability in Vithropic, please contact us before disclosing it publicly. We take all reports seriously and will respond within 24 hours.