Security & Trust

Your data, protected by design

IndepAI helps you retire earlier by choosing where to live. To make that decision well, you share sensitive financial figures with us, so we treat that data with the care it deserves. Here is exactly how.

How we protect your data

Your financial information is stored on managed infrastructure with multiple layers of protection. Access is restricted to you alone, and the data is encrypted both while it travels and while it rests.

  • Row-level security

    Every record is protected by database row-level security (RLS) on Supabase. Policies enforce that you can only ever read or write your own rows, isolation is applied at the database, not just in app code.

  • Encryption in transit & at rest

    All traffic is served over TLS (HTTPS), so data is encrypted in transit. Data stored in our managed Supabase Postgres database is encrypted at rest by the platform.

  • Financial data stays read-only

    When you connect or enter financial figures, IndepAI reads them to power your FI-Score and geo-arbitrage decisions. We do not initiate transactions or move money on your behalf.

  • Never sold, never rented

    We do not sell, rent, or trade your personal or financial data to advertisers or data brokers. It exists to serve your decisions inside IndepAI, nothing else.

Authentication & sessions

Sign-in is handled through Supabase Auth using secure, HTTP-only session cookies. Passwords are never stored in plain text, they are salted and hashed before storage, so even we cannot read them.

Sessions refresh automatically and expire after inactivity. You can sign out at any time to invalidate your session on this device.

Payment security

All payments are processed by Stripe, a PCI-DSS Level 1 certified payment provider. Your card details are entered directly into Stripe's hosted, encrypted fields.

IndepAI never sees, handles, or stores your full card number. We only keep a reference to your Stripe customer and subscription so we can manage your plan.

GDPR & your rights

IndepAI is built to respect EU data-protection law. You stay in control of your data, and you can exercise these rights at any time.

  • Right to erasure (Art. 17)

    You can delete your account and request erasure of your personal data. Once processed, your records are removed from our active systems.

  • Data export & portability

    You can request a copy of the personal data we hold about you in a portable, machine-readable format.

  • Data minimization

    We collect only the data needed to run your FIRE and geo-arbitrage decisions. We do not gather information we have no use for.

Responsible disclosure

Security is never finished. If you believe you have found a vulnerability in IndepAI, we want to hear from you so we can fix it quickly and protect our users.

Report security issues to security@indepai.app

Please give us a reasonable window to investigate and remediate before any public disclosure. We are grateful to researchers who report responsibly.

Decide where to live, with confidence

IndepAI is a FIRE and geo-arbitrage decision engine, not a place that gambles with your data. Run the numbers and see how location can move your retirement date forward.