Security
Your financial data is sensitive. Here is exactly how we protect it, without the marketing fluff.
Read-only bank access
Every bank connection in DonkeyBucks is read-only. We can see your transactions and balances. We cannot initiate transfers, move money, change account settings, or interact with your bank in any other way.
This is enforced at the API level by the bank connection provider, not just a policy on our end. There is no mechanism for us to request write access even if we wanted to.
Plaid: bank-side OAuth, credentials stay with your bank
Bank sync in DonkeyBucks Pro uses Plaid. At most banks, Plaid uses your bank's own OAuth login flow: you authenticate directly on your bank's website or app, and an access token is issued to Plaid. Your bank credentials go to your bank, not to DonkeyBucks and not to Plaid.
DonkeyBucks never sees or stores your bank username or password. The read-only access token that Plaid issues to us only permits fetching transactions and balances. Plaid is a SOC 2 Type II certified platform and operates under its own security program.
Plaid covers thousands of US banks, credit unions, and investment and brokerage accounts. If your bank does not support Plaid's OAuth flow, Plaid handles credential entry inside their own secure iframe; DonkeyBucks still never receives those credentials.
Authentication: Clerk
User authentication is handled entirely by Clerk, a SOC 2 Type II certified identity platform. Clerk manages password hashing, session tokens, and OAuth flows. DonkeyBucks never handles or stores passwords.
Sessions use JWTs with short expiry windows. Clerk supports multi-factor authentication if you want to enable it.
Data storage: Convex Cloud
All application data is stored in Convex Cloud. Data is encrypted in transit via TLS and encrypted at rest in the database. Convex runs on AWS infrastructure with standard cloud security controls.
Each user's data is isolated by user ID and workspace ID. There is no shared data pool between users.
AI categorization: user-triggered with hard limits
AI transaction categorization is never automatic. It runs only when you click the button. When triggered, batches of transaction data (merchant names, amounts, dates) are sent to Anthropic's Claude API over TLS.
We learned the hard way that unbounded AI calls are a real risk ($100 in 2 minutes during early development). DonkeyBucks has hard limits baked in: 20 transactions per batch, maximum 3 batches per trigger, 10 batches per hour per user, and a database lock that prevents concurrent runs. These are code-level enforcements, not just policy.
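One way to enforce the limits listed above in code, as an added example that is not DonkeyBucks's own implementation. The function and constant names, the in-memory store standing in for the database, and the five-minute lock lease are assumptions.

```typescript
// Added example, not DonkeyBucks code. The limits are the ones stated on the page;
// the Map stands in for a database table and LOCK_TTL_MS is an assumed lease length.
const BATCH_SIZE = 20;
const MAX_BATCHES_PER_TRIGGER = 3;
const MAX_BATCHES_PER_HOUR = 10;
const HOUR_MS = 60 * 60 * 1000;
const LOCK_TTL_MS = 5 * 60 * 1000;

interface UserState { lockUntil: number; batchTimes: number[] }
const store = new Map<string, UserState>();

type Plan =
  | { ok: true; batches: string[][]; skipped: number }
  | { ok: false; reason: "already_running" | "hourly_limit" };

// Called once per button click. In a real database this whole function must run
// as one transaction so two concurrent clicks cannot both pass the lock check.
function beginRun(userId: string, txIds: string[], now: number): Plan {
  const s: UserState = store.get(userId) ?? { lockUntil: 0, batchTimes: [] };
  store.set(userId, s);
  // An expiring lease instead of a boolean: a crashed run cannot block the user forever.
  if (s.lockUntil > now) return { ok: false, reason: "already_running" };
  // Sliding one-hour window over batches already booked for this user.
  s.batchTimes = s.batchTimes.filter((t) => now - t < HOUR_MS);
  const budget = Math.min(MAX_BATCHES_PER_TRIGGER, MAX_BATCHES_PER_HOUR - s.batchTimes.length);
  if (budget <= 0) return { ok: false, reason: "hourly_limit" };
  const batches: string[][] = [];
  for (let i = 0; i < txIds.length && batches.length < budget; i += BATCH_SIZE) {
    batches.push(txIds.slice(i, i + BATCH_SIZE));
  }
  if (batches.length === 0) return { ok: true, batches, skipped: 0 }; // nothing to do, no lock
  // Book the batches before any API call is made, so a failed or retried call
  // still counts against the hourly budget.
  batches.forEach(() => s.batchTimes.push(now));
  s.lockUntil = now + LOCK_TTL_MS;
  const sent = batches.reduce((n, b) => n + b.length, 0);
  return { ok: true, batches, skipped: txIds.length - sent };
}

// Release the lease; call from a finally block around the API calls.
function endRun(userId: string): void {
  const s = store.get(userId);
  if (s) s.lockUntil = 0;
}
```

Transactions beyond the per-trigger cap are reported as `skipped` so the caller can tell the user another click is needed, and nothing is queued automatically.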
Anthropic processes data under their API terms. They do not use API inputs to train models.
No bank connection required
Bank sync is a Pro feature, not a requirement. The Free tier works entirely from CSV exports and manual entry. If you prefer no live bank connection, you never need one. You are not locked into any provider.
Report a vulnerability
If you find a security issue, please email hello@donkeybucks.com with "Security" in the subject line. We will respond within 48 hours.
We do not have a formal bug bounty program yet, but we take every report seriously and will work quickly to fix confirmed vulnerabilities. We will credit researchers who report valid issues if they want credit.