Security overview
Last updated: 2026-05-31. What we do to keep your financial data safe, in plain English.
The short version
- Sign-in handled by Clerk (passwords hashed with bcrypt, MFA available, automatic credential-stuffing protection).
- All traffic HTTPS, HSTS preloaded.
- Data at rest encrypted by Supabase / Vercel.
- The Guardian specialist can veto any output that would be a "do this" rather than "consider this".
- We follow OWASP Top 10 and run automated dependency scans on every push.
Authentication
Clerk handles passwords (bcrypt + salts), session management (HTTP-only secure cookies, rotated on privilege change), optional MFA (TOTP / passkeys), and credential-stuffing defense. We never see your password.
Transport security
- HTTPS via Cloudflare (TLS 1.3 + modern cipher suites).
- HSTS: 1 year + includeSubDomains + preload. Browsers refuse to talk to us over plain HTTP.
- Strict Content Security Policy whitelisting only the origins we actually use (Clerk, Cloudflare Turnstile, Supabase, Stripe).
- Cloudflare bot mitigation: Bot Fight Mode + targeted block on the worst-behaved scrapers.
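As an added example (not Wealth's own code), the JavaScript below checks a response's HSTS and CSP headers against the posture listed above: a one-year, includeSubDomains, preload HSTS value, and a CSP whose fetch directives allow only the named providers. The provider hostnames in the allowlist are assumptions, not values from this page.

```javascript
// Added example: audit HSTS and CSP header values for drift from the stated posture.
const ONE_YEAR = 31536000; // seconds; the minimum max-age the HSTS preload list accepts

// Origins the CSP is meant to be limited to. Hostnames are assumptions for the
// providers named on the page (Clerk, Cloudflare Turnstile, Supabase, Stripe).
const ALLOWED_ORIGINS = new Set([
  "'self'",
  "https://*.clerk.accounts.dev",
  "https://challenges.cloudflare.com",
  "https://*.supabase.co",
  "https://js.stripe.com",
]);

// Parse "max-age=31536000; includeSubDomains; preload" and list what would
// keep the domain off the HSTS preload list (or shorten browser pinning).
function checkHsts(value) {
  const problems = [];
  const parts = value.split(";").map((p) => p.trim().toLowerCase()).filter(Boolean);
  const maxAge = parts.find((p) => p.startsWith("max-age="));
  const age = maxAge ? Number(maxAge.slice("max-age=".length)) : NaN;
  if (!Number.isFinite(age)) problems.push("missing max-age");
  else if (age < ONE_YEAR) problems.push(`max-age ${age} is below one year`);
  if (!parts.includes("includesubdomains")) problems.push("missing includeSubDomains");
  if (!parts.includes("preload")) problems.push("missing preload");
  return problems;
}

// Walk each fetch directive (*-src) of a CSP and report sources outside the allowlist,
// including keyword sources such as 'unsafe-inline' that weaken the policy.
function checkCsp(policy, allowed = ALLOWED_ORIGINS) {
  const violations = [];
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/).filter(Boolean);
    if (!name || !name.endsWith("-src")) continue; // only fetch directives carry origins
    for (const src of sources) {
      if (src === "'none'" || allowed.has(src)) continue;
      violations.push(`${name}: ${src}`);
    }
  }
  return violations;
}

// Constructed sample headers: one pair matching the stated posture, one pair that drifted.
const GOOD_HSTS = "max-age=31536000; includeSubDomains; preload";
const WEAK_HSTS = "max-age=86400";
const GOOD_CSP = "default-src 'self'; script-src 'self' https://js.stripe.com https://challenges.cloudflare.com; connect-src 'self' https://*.supabase.co https://*.clerk.accounts.dev";
const DRIFTED_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.net";
```

Running `checkHsts(WEAK_HSTS)` and `checkCsp(DRIFTED_CSP)` returns the specific findings a deploy check could fail on, while the good pair returns empty arrays.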
Hosting + data layer
- Web tier: Vercel.
- Database: Supabase. AES-256 at rest. Row-Level Security per user.
- Payment data: Stripe. We never see your card number; tokenised references only.
- No bank credentials. Wealth does not ask for or store online banking passwords. Data you provide is data you enter or upload yourself.
The Guardian — the AI security promise
Wealth's Guardian specialist exists specifically to refuse and rewrite outputs that overstep into advice. Concretely:
- The trinity backend produces an Analyst observation + Planner path, then the Guardian audits both before they are surfaced.
- Outputs that read as instructions ("buy this", "sell now", "open this account") are rewritten as questions or routed to a human-professional referral.
- When the Guardian abstains, the dashboard shows a "degraded — Guardian abstained" notice rather than silently falling back. Honest about limits.
What we monitor
- Application errors — Sentry, PII-redacted.
- Security events — sign-ins, privilege changes, payment events. 1-year audit log.
- Anomalous traffic — Cloudflare detects and challenges.
- Dependency vulnerabilities — Dependabot on every push; critical CVEs patched within 7 days.
If something goes wrong
Email security@cosmos369.ai for any security finding. We read every message within one business day and do not threaten or sue responsible-disclosure researchers.
If we ever discover a breach affecting your account, we will notify you by email within 72 hours with what happened, what we are doing, and what you should do.
What we will not do
- Sell your data.
- Use your financial inputs to train third-party AI models.
- Add tracking pixels or third-party analytics that send personal data off-platform.
- Take commissions from third-party financial product providers. (We are paid only by our subscribers.)
- Silently lower security posture to hit a launch date.