Latwy stores personal financial information, so data security is of the utmost importance. Here's how we keep your data safe.
We use a managed database service from Crunchy Bridge to store all user data. Data is encrypted with AES-256 encryption at rest and in and transit. Connections to the database require TLS 1.2 or higher.
The database is not exposed to the public internet. All connections to the database are done through a secure Tailscale network.
The database is backed up daily in two places:
In the event of an outage, there should be minimal data loss.
In addition to all database connections being secured through encrypted connections, all network traffic from the public internet to Latwy's web sites and applications are secured using HTTPS.
If you sign up for Latwy using an email and password, your password is one-way salted and hashed using a high number of iterations of a password-based key derivation function. This hashed password is stored in the same managed database as other user data, cut off from the public internet and only accessible through a secure private network.
If you choose to sign up using a supported third-party identity provider, you may be able to enable two-factor authentication for added security. Latwy does not support two-factor authentication for password-based logins at this time.