Security
Last updated May 6, 2026
Retirement is a long horizon. We've built Fukunori the way a bank would build it — with restraint, transparency, and a refusal to touch what doesn't need to be touched.
Data protection
- Encryption in transit. All connections use TLS 1.3.
- Encryption at rest. Financial data is AES-256 encrypted at rest. Database backups are encrypted as well.
- Tenant isolation. Row-level security (RLS) enforces that each user's data is only ever readable by that user.
Brokerage connections
- Read-only. Fukunori cannot place trades, transfer funds, change beneficiaries, or modify any account setting.
- OAuth only. We never see or store brokerage passwords. All connections use the broker's OAuth flow.
- Revocable. You can disconnect a brokerage from your settings at any time; the access token is revoked immediately.
Authentication
- Authentication is handled by Clerk — the identity layer trusted by Perplexity AI and backed by Stripe.
- Sessions use signed, short-lived JWTs and HTTP-only cookies.
- Multi-factor authentication is supported and recommended.
Infrastructure
- Hosted on Vercel; database on Supabase (Postgres + RLS).
- Secrets are stored in environment vaults, never in source.
- Production access is limited to a small set of audited operators.
Privacy by design
- We collect only what we need to model your retirement plan.
- No third-party advertising trackers anywhere on the product.
- You can export or delete your data at any time.
Reporting a vulnerability
If you believe you've found a security issue, please email security@fukunori.io. We commit to acknowledging reports within 2 business days and to investigating in good faith.