
Your data, encrypted by you

Most finance apps can read everything about you. Plentiful is different. Your bank data is encrypted with a key that only you hold, derived from your password. Not even we can see your transactions, balances, or account details.

Zero-knowledge encryption

When you create an account, Plentiful generates a unique encryption key from your password using PBKDF2 with 100,000 iterations and a random 16-byte salt. This key is used to encrypt every piece of personal data with AES-256-GCM, the same authenticated encryption standard used by governments and financial institutions.

Your password is never stored. Your encryption key is never saved to our database. When you log out, the key is gone, and with it, any ability to read your data. When you log back in, the key is re-derived from your password. This means that even if our database were compromised, an attacker would see nothing but meaningless ciphertext.

What we encrypt

Every field that could identify you or reveal anything about your finances is individually encrypted before it reaches our database. Here is exactly what is protected:

Bank accounts

Account balances, display names, card numbers, cardholder names, and credit limits are all encrypted with your personal key.

Transactions

Every transaction amount, description, and merchant name is encrypted. The full raw transaction data from your bank is encrypted too.

Personal details

Your email address and name are encrypted. We look you up using a one-way SHA-256 hash of your email address and never store the address in plain text.

Budgets & spending pots

Your monthly budget, spending pot names, target amounts, and assigned transaction amounts are all encrypted.

Categories & rules

Custom category names, exclusion rules, and category overrides, including their match values and labels, are all encrypted.

Push notifications

Push subscription endpoints and authentication keys are encrypted, protecting the notification channel from misuse.

How the encryption works

01. Your password derives the key

When you sign up or log in, your password is passed through PBKDF2 (Password-Based Key Derivation Function 2) with a unique random salt and 100,000 iterations. This produces a 256-bit encryption key that is mathematically unique to your password and salt combination. A separate salt is used for authentication, so your encryption key remains independent even if the authentication hash were ever exposed.

02. Every field is encrypted individually

Each encrypted value uses AES-256-GCM with a fresh random 12-byte initialisation vector. This means that even identical values, such as two transactions at the same shop for the same amount, produce completely different ciphertext. The GCM authentication tag guarantees integrity: any tampered data fails decryption immediately.

03. The key travels with your session only

Your encryption key is exported, wrapped with a server-side secret using another layer of AES-256-GCM, and stored in a secure, HTTP-only session cookie. When you load a page, the key is unwrapped in memory to decrypt your data and then discarded. It is never written to the database. When your session ends, the key is gone.

04. We cannot read your data

Because the encryption key is derived from your password and your password is never stored, there is no mechanism for anyone at Plentiful, or anyone who gains access to our database, to decrypt your data. This is a deliberate design choice. When you change your password, your data is decrypted with your old key and re-encrypted with your new one, so nothing is lost. However, if you ever truly lose your password, your encrypted data is unrecoverable by design, since no one, including us, can derive the key without it.

Open Banking: read-only, by design

We connect to your bank through an FCA-regulated Open Banking provider. Plentiful never sees your bank login credentials. Authentication happens directly with your bank. We only have read-only access, meaning no one can ever move money through Plentiful.

Zero tracking, zero analytics

We do not use analytics tools, advertising trackers, or third-party scripts that monitor your behaviour. We do not collect your IP address, device fingerprint, or browsing habits. Your finances are private. We do not profit from your data.

Minimal data, maximum control

We only collect what is strictly necessary: your email and your bank transactions. No names, no phone numbers, no addresses. You can delete your account and all associated data at any time, without needing to ask.

Encrypted in transit

All connections use TLS 1.3. Your data is encrypted between your device and our servers, and between our servers and your bank. Session cookies carry the HttpOnly and Secure flags, so they cannot be read by scripts or sent over unencrypted connections.

Privacy is not a feature. It is the foundation.

We deliberately chose to build Plentiful with zero-knowledge encryption, even though it makes development harder. It means we cannot run analytics on your spending, we cannot build aggregate reports, and we cannot recover your data if you forget your password. We think that is the right trade-off.
