Security, in plain language

No jargon, no hand-waving — exactly how your data is protected.

Handing your complete financial picture to an app is a big ask. We know, because we wouldn't do it ourselves without good answers to a few questions. Here they are.

Where does my data live?

In your own private instance. When you sign up, we create a dedicated environment with its own application and its own database, reserved for you alone. Your finances are not a row in a big shared database next to thousands of other people — they are physically separated from every other customer.

Everything runs in European data centres.

Who can see my data?

You, when you sign in with your Google account. That's the design goal: your finances are nobody else's business — not advertisers', not data brokers', not ours. There are no ads, no analytics and no tracking scripts anywhere in the product.

Like any hosted service, our operator can access infrastructure for maintenance and support. We don't browse customer data, and we'd rather build features that make access unnecessary — like the export and delete buttons below.

Can Krosos touch my money?

No — and not because we promise to behave, but because it's impossible by design. Connections to exchanges use read-only API keys: they can see balances, but they cannot trade, withdraw or move anything. We never ask for keys with trading or withdrawal permissions, and Krosos never holds your assets. The worst thing a stolen key could do is read a list of numbers.

Bank connections work the same way. They go through Enable Banking, a regulated open-banking provider (a PSD2 Account Information Service Provider), and are read-only and balances-only — they cannot initiate payments or move money. You approve each connection on your own bank's login screen.

What's encrypted?

• In transit: all traffic between you and your instance uses HTTPS (TLS).
• API keys: stored encrypted at rest inside your own instance, never shown again after you save them, and never written to logs or returned by the API.
• Backups: taken nightly and encrypted with a key unique to your instance — a backup of your data cannot be read with another customer's key.

One honest note: we don't market Krosos as "end-to-end encrypted", because the server needs to read your data to compute your net worth, fetch prices and draw your charts. Our protection model is isolation — your own instance, your own database, your own backup key — plus encryption where it matters most. We'd rather tell you exactly how it works than use a buzzword that doesn't apply.

How do I sign in?

With your Google account. Krosos never sees or stores a password — sign-in security, including two-factor authentication, is handled by Google.

What if something happens to my data?

Your instance is backed up every night, encrypted, to separate storage. If something goes wrong — on our side or yours — we can restore your environment.

What if I want to leave?

Then leaving is easy, on purpose. At any time you can export your complete database with one click and take it with you — it's a standard SQLite file you can open with free tools. You can also delete everything with one click. After a cancellation, your data is kept for 30 days (in case you change your mind), then permanently deleted.

We think the ability to walk out the door at any moment is the strongest reason to trust a product. You're never locked in.

What we will never do

• Sell or share your data — with anyone, for any reason.
• Show you ads or run third-party trackers.
• Ask for API keys that can move your money.
• Make it hard to export or delete your data.

Still have a question?

Ask us directly: [email protected]. A real person reads it. For the formal version of all this, see the privacy policy.