Security
Security practices for Conflux.
Conflux is an early-stage fintech beta. This page summarizes the safeguards currently used to protect account, planning, and financial data while the product continues to mature.
Last updated: June 19, 2026
Security Overview
Conflux is designed to help users understand cash-flow timing without requiring unnecessary sensitive information. The application uses managed infrastructure, limited administrative access, and provider-level security controls to reduce risk during beta.
Security is an ongoing process. We do not claim that any application is risk-free, but we aim to be transparent about the controls currently in place and the boundaries of the beta product.
Encryption
- HTTPS is enforced through Vercel for application traffic.
- Traffic is protected with TLS 1.2 or newer where supported by the platform.
- User data is stored in Supabase.
- Encryption at rest is provided by Supabase for stored database data.
Users should avoid uploading files that include unnecessary sensitive data such as full Social Security numbers, full payment card numbers, identity documents, or online banking credentials.
Access Controls
Conflux follows a least-privilege access model. Administrative access is limited to what is needed to operate, support, debug, and secure the beta application.
- Administrator accounts use MFA.
- GitHub access is protected by MFA.
- Production secrets are managed through deployment environment settings.
- Access to production data and operational systems is kept limited.
Authentication
Customer passwords are not stored directly by Conflux. Authentication is handled through managed authentication infrastructure, and user sessions are managed through the application auth flow.
Users are responsible for keeping their own email accounts, devices, and login credentials secure. If you believe your account has been accessed without authorization, contact us promptly.
Infrastructure Security
The application is hosted on Vercel and stores application data in Supabase. We rely on these managed providers for core infrastructure controls, including hosting security, database operations, platform monitoring, and provider-level encryption.
During beta, we monitor errors and operational issues so we can identify reliability and security problems quickly. The product may change as we strengthen controls, add monitoring, or reduce unnecessary data exposure.
Data Retention
We retain user data for as long as needed to provide the service, support beta operations, troubleshoot issues, comply with legal obligations, and maintain security records.
Users may request account deletion by contacting support. Deletion requests are handled according to the retention and deletion practices described in the Privacy Policy.
Responsible Disclosure
If you believe you have found a security vulnerability in Conflux, please report it to support@useconflux.com with the subject "Security Disclosure". Include a clear description, affected URLs or accounts, reproduction steps, screenshots or logs if available, and the potential impact.
Please do not access, modify, destroy, download, or disclose another person's data. Do not perform testing that degrades service reliability, attempts denial of service, uses social engineering, or violates applicable law.
Contact Information
For security reports, contact support@useconflux.com with the subject "Security Disclosure".
For account access, data deletion, or general support, contact support@useconflux.com.
For related data handling information, review our Privacy Policy and Data Safety page.