How AmberLark protects your data
AmberLark is a budgeting application that handles sensitive financial data. Security is built into every layer of the product, from how we connect to your bank to how we store your information.
Read-only bank access
AmberLark connects to your bank accounts through Plaid using the Transactions product only. We explicitly do not use Plaid's Auth product, which means AmberLark can never initiate payments, transfers, or any kind of money movement. Our access is strictly read-only: we can see your transactions and balances, and nothing more.
Powered by Plaid
Plaid is the industry-standard provider for secure financial data connections. Used by thousands of financial apps, Plaid handles the direct connection to your bank. AmberLark never sees or stores your bank login credentials — Plaid manages that entirely.
Two-factor authentication
Two-factor authentication (2FA) can be enabled on every AmberLark account using a TOTP authenticator app (Google Authenticator, Authy, etc.). When enabled, logging in requires both your password and a time-based code from your device. We also generate 10 single-use backup codes for recovery.
Role-based access controls
AmberLark uses object-level permissions to ensure users can only access data belonging to their organization. Owner and Member roles control who can manage settings, connections, and billing. Cross-organization data isolation is enforced at the database level.
Infrastructure security
AmberLark runs on containerized infrastructure with automated security scanning. CSRF protection is enforced on all forms and API endpoints. Sessions are managed server-side with secure cookie settings. All communication happens over HTTPS.
Security summary
- Read-only bank access — AmberLark can never move your money
- Bank credentials managed by Plaid, never stored by AmberLark
- Two-factor authentication with TOTP and backup codes
- Object-level permissions and role-based access controls
- HTTPS everywhere, CSRF protection, secure sessions