Security
MonTake is designed to keep personal tracker data separated by signed-in Google account and to avoid collecting sensitive banking credentials.
Current protections
- Google sign-in is required before cloud data loads.
- Firestore data is stored under each user's Firebase user ID.
- Firestore security rules are intended to block a signed-in user from reading or writing any tracker document other than their own.
- Local data can be cleared from the browser, and cloud data can be deleted from Settings.
- MonTake does not ask for bank usernames, bank passwords, full card numbers, or routing/account numbers.
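The two list items above (data keyed by Firebase user ID, rules that block cross-user access) are what a Firestore ruleset has to enforce. The following is an added illustration, not MonTake's actual rules, and it assumes a layout the page does not confirm: one tracker document per user at /trackers/{userId}, with any subcollections under it. The commented-out block shows the common mistake of only checking that the caller is signed in.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // True only when the request is authenticated and the caller's
    // Firebase UID is the user ID in the path being accessed.
    function isOwner(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    // Assumed layout (not confirmed by the page): one tracker document per
    // user at /trackers/{userId}, keyed by the Firebase user ID.
    match /trackers/{userId} {
      // Owner may read, create, update and delete (delete covers the
      // "delete cloud data" action in Settings).
      allow read, write: if isOwner(userId);
    }

    // Anything nested under a user's tracker document is owner-only too.
    match /trackers/{userId}/{document=**} {
      allow read, write: if isOwner(userId);
    }

    // Too weak; do NOT use. Any signed-in Google account could read and
    // overwrite every other user's tracker, because the rule never compares
    // request.auth.uid with the userId in the path.
    // match /trackers/{userId} {
    //   allow read, write: if request.auth != null;
    // }

    // No other match/allow is declared, so every other path is denied.
  }
}
```

Firestore denies any request that no allow statement matches, so the ruleset only needs to grant the owner path. Rules cannot express App Check requirements; that enforcement is switched on separately per Firebase service.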
App Check
MonTake is prepared for Firebase App Check but does not enforce it yet. Once enforcement is turned on in the Firebase console, App Check helps reduce abuse by requiring a valid app attestation token before Firestore and other Firebase services accept requests from the app. App Check limits which clients can reach the backend; it does not replace Google sign-in or the Firestore security rules, which still decide what each signed-in user may read or write.
Future bank syncing
Bank syncing should use a trusted provider such as Plaid Link or Stripe Financial Connections. MonTake should never receive or store raw bank login credentials. A future bank-sync version should exchange the provider's tokens on a backend that MonTake controls, keep provider access tokens and API secrets out of the browser and out of any client-readable Firestore document, and save only the transaction fields the app needs.
Your account safety
- Use a strong, unique password for your Google account.
- Turn on two-factor authentication (Google's 2-Step Verification) for your Google account.
- Sign out on shared devices.
- Export a backup before deleting data.
Contact
To report a security concern, email [email protected].