Skip to main content
Security

Your financial data deserves bank-grade protection

We built mixxi with security as a foundation, not an afterthought. Here's exactly how we protect your data.

AES-256
TLS 1.3
AU hosted
1-click delete
AES-256 EncryptionTLS 1.3Australian Hosted

How we protect your data

Six layers of protection for every piece of financial data.

Encryption at rest

Every piece of data stored is encrypted with AES-256 — the same standard used by banks and government agencies. OAuth tokens are additionally encrypted with AES-256-GCM using dedicated encryption keys.

Encryption in transit

All connections use TLS 1.3 — the latest transport security standard. Every API call, every page load, every data transfer is encrypted end-to-end.

No raw data storage

We never keep your original bank statements. Raw statements are deleted immediately after parsing — we only keep structured data: merchant, amount, date, category.

Australian hosting

Your data is stored in Australia and never leaves the country. We use Australian-region infrastructure because your financial data should stay under Australian jurisdiction.

Delete anytime

Delete all your data from Settings whenever you want. No retention periods, no hidden backups, no 'we'll get to it eventually.' When you delete, we delete. Within 30 days, permanently.

What happens to your data

Full transparency on every step of the process.

When you upload a statement

1

You upload a PDF or CSV

Your file is encrypted in transit with TLS 1.3.

2

We parse transactions

Structured data is extracted from your statement.

3

Raw file deleted

Only structured data is kept, encrypted at rest with AES-256.

4

Savings analysis runs

Recommendations are generated from structured data only.

5

You see your report

Your data, your control. Delete anytime.

What we don't do

Trust is built on what you choose not to do.

We don't sell your data

Not anonymised, not aggregated, not to anyone. Ever.

We don't use advertising trackers

No Facebook pixels, no Google Ads tracking, no cross-site cookies.

We don't keep raw files

Bank statements are deleted after parsing.

Compliance

We meet the standards your financial data requires.

Australian Privacy Act 1988

We comply with all Australian Privacy Principles (APPs) and the Notifiable Data Breaches (NDB) scheme.

Payment Security

All payments are processed by Stripe. We never see or store your full card number.

Have security questions?

We take security seriously and are happy to answer any questions about how we protect your data.

Email security@mixxi.com
Read our Privacy Policy|View our Terms of Service