Information Security Policy

🔐 Pilot Wealth is committed to protecting the security of our platform, our users' financial data, and our third-party integrations. This policy documents our information security program and controls.

1. Purpose and Scope

This Information Security Policy establishes the security principles, controls, and responsibilities that govern Pilot Wealth's operations. It applies to all systems, data, infrastructure, and personnel involved in operating the Pilot Wealth platform, including all third-party integrations such as Plaid, Stripe, and Anthropic.

This policy is reviewed and updated on an ongoing basis as the platform evolves.

2. Security Governance

2.1 Ownership and Accountability

Information security is owned and managed by Pilot Wealth's founding team. The designated security contact is responsible for:

Maintaining and reviewing this policy
Identifying and mitigating security risks
Responding to security incidents
Managing third-party security relationships (Plaid, Stripe, Clerk, etc.)
Ensuring compliance with applicable regulations and partner requirements

2.2 Security Contact

Security Contact (Technical): Arin B.A — Developer & Security Manager — contact.pilotwealth@gmail.com
Legal Owner: Riaz A — Owner, Pilot Wealth — contact.pilotwealth@gmail.com

3. Data Classification

Pilot Wealth handles the following categories of data, each treated with strict controls:

Financial credentials & access tokens — Plaid access tokens are encrypted at rest using Fernet symmetric encryption and never logged or exposed in API responses
Personal financial data — transaction history, account balances, investment holdings, income, and net worth data stored in an encrypted PostgreSQL database
Authentication data — all authentication is delegated to Clerk; Pilot Wealth never stores passwords
Payment data — all payment processing is delegated to Stripe; Pilot Wealth never stores card numbers or banking credentials

4. Access Control

4.1 User Authentication

All user authentication is handled by Clerk, a SOC 2 certified identity provider. Pilot Wealth verifies user identity on every API request by validating Clerk-issued JWTs against Clerk's published JWKS endpoint, including full cryptographic signature verification and expiry checks.

4.2 Role-Based Access Control

Pilot Wealth enforces role-based access control (RBAC) at the API layer. User roles (free, pro, premium, admin) are stored in Clerk's private metadata — inaccessible to users — and verified server-side on every request. Admin privileges are additionally hardcoded via environment variable to prevent escalation attacks.

4.3 Data Isolation

Every database query filters by authenticated user_id. No endpoint returns data belonging to another user. Ownership is verified on all read, write, update, and delete operations.

5. Encryption

5.1 Data in Transit

All data transmitted between clients and the Pilot Wealth server is encrypted using TLS (HTTPS). HTTP connections are not accepted in production. Strict-Transport-Security (HSTS) headers are enforced on all responses.

5.2 Data at Rest

Plaid access tokens — the most sensitive credentials stored by Pilot Wealth — are encrypted using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256) before being written to the database. The encryption key is stored exclusively as an environment variable and is never committed to source code.

5.3 Database

The production database is a managed PostgreSQL instance hosted on Render with encryption at rest enabled. Database credentials are stored as environment variables and rotated periodically.

6. Application Security

6.1 CSRF Protection

All state-changing API requests require a valid CSRF token, verified via HMAC comparison. Webhook endpoints (Plaid, Stripe) are explicitly exempted as they use their own signature verification mechanisms.

6.2 Webhook Signature Verification

Stripe: All incoming Stripe webhooks are verified using Stripe's signature verification SDK before any processing occurs
Plaid: All incoming Plaid webhooks are verified using Plaid's JWT-based verification, including key ID lookup, ES256 signature verification, and request body SHA-256 hash comparison

6.3 Rate Limiting

API endpoints are rate limited per user using slowapi. Sensitive endpoints such as authentication, Plaid token exchange, and AI chat have stricter limits. Rate limiting is applied by authenticated user ID where available, falling back to IP address.

6.4 Input Validation

All API inputs are validated using Pydantic models with defined field types, length limits, and allowlists for enumerated values. String inputs are sanitized to remove HTML tags. Numeric inputs are bounded to prevent unreasonable values.

6.5 Security Headers

All HTTP responses include the following security headers:

Content-Security-Policy — restricts script, style, and connection sources to known trusted origins
Strict-Transport-Security — enforces HTTPS with a 1-year max-age
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy — disables geolocation, microphone, and camera

6.6 Request Size Limiting

All POST, PUT, and PATCH requests are limited to 10MB to prevent denial-of-service via large payloads.

7. Third-Party Security

🏦 Plaid — Pilot Wealth uses Plaid exclusively for bank connectivity. Pilot Wealth never sees or stores users' banking usernames or passwords. All bank credential entry occurs within Plaid's hosted Link interface. Plaid is SOC 2 Type II certified.

💳 Stripe — All payment processing is handled by Stripe. Pilot Wealth never stores card numbers or payment credentials. Stripe is PCI DSS Level 1 certified.

🔑 Clerk — User authentication and identity management is handled by Clerk. Pilot Wealth never stores passwords. Clerk is SOC 2 Type II certified.

🤖 Anthropic — AI features are powered by Anthropic's Claude API. Financial context sent to the AI is scoped to the authenticated user's own data only and is governed by Anthropic's data processing terms.

8. Infrastructure Security

Pilot Wealth's backend is hosted on Render, a managed cloud platform. Infrastructure security controls include:

All secrets and credentials stored as environment variables — never in source code
Source code hosted on a private repository with access limited to authorized personnel
Production environment separated from development and sandbox environments
Health monitoring and uptime alerting via BetterStack
Structured application logging for security event visibility
Database connection pooling with automatic recycling to prevent stale connections

9. Incident Response

In the event of a suspected security incident, Pilot Wealth will:

Identify — detect and confirm the nature and scope of the incident
Contain — isolate affected systems and revoke compromised credentials immediately
Notify — inform affected users and relevant third parties (including Plaid) within 72 hours of confirmed breach, in accordance with applicable law
Remediate — patch vulnerabilities and restore secure operations
Review — conduct post-incident analysis and update controls accordingly

🚨 To report a security vulnerability: Please contact us immediately at contact.pilotwealth@gmail.com with a description of the issue. We take all security reports seriously and will respond within 24 hours.

10. Risk Management

Pilot Wealth continuously identifies and mitigates security risks through:

Regular review of application code for security vulnerabilities
Monitoring of third-party security advisories for all integrated services
Dependency updates to address known vulnerabilities in third-party libraries
Review and update of this policy as the platform and threat landscape evolve

11. Compliance

Pilot Wealth operates in compliance with:

Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
Plaid's Developer Policy and Data Use Policy
Stripe's Connected Account Agreement
Applicable Canadian provincial privacy legislation

🔐 Security Contact

For security inquiries, vulnerability reports, or questions about this policy:

contact.pilotwealth@gmail.com

Pilot Wealth — Canada 🍁