LivePFS · Security
How LivePFS protects your financial data
LivePFS builds one lender-ready personal financial statement from accounts you connect read-only. This page explains, in plain language, exactly what those connections let us see, what they can never let us do, and how your data is protected — so both you and your lender can judge it for yourselves.
What we can see
Account connections run through Plaid (banks, loans, and credit cards) and SnapTrade (brokerages). We request read-only data — the minimum needed to keep a personal financial statement current:
- Current balances on the accounts you connect.
- Account names, types, and institution names, so each account lands in the right statement category.
- Account-holder names your institution reports, so accounts can be matched to the right owner or entity.
- Loan details lenders expect on a PFS — balance, interest rate, and payment — for connected loans and credit cards.
You sign in to your bank inside Plaid's or SnapTrade's own secure window. Your banking usernames and passwords go to them directly — LivePFS never sees them and never stores them.
What we can never do
- We can never move your money. The connections carry no payment or transfer permissions of any kind.
- We can never place trades. The brokerage connection is data-only; it cannot buy, sell, or touch a position.
- We can never change anything at your institution. The connection is a one-way read.
- We never sell your data. LivePFS is paid by subscription, not by your information.
Inside the product, figures that came from a connected account are read-only — you can't type over a synced balance, and neither can we. That immutability is the point: a lender reading your statement knows a synced number is the real number the institution reported.
How your data is protected
- Encryption with Google Cloud KMS. Identity details, provider access tokens, stored PDF exports, and PDF passwords are encrypted with per-item AES-256-GCM keys that are themselves wrapped by Google Cloud KMS — the envelope-encryption pattern banks use.
- Names are masked at rest. Full names are stored masked in the database; the real values live only in an encrypted blob that is decrypted for you, the owner.
- Our own staff see de-identified data. Administrative views show masked names and no addresses, phone numbers, or ID numbers — and every administrative lookup writes a structured audit line mirrored to Google Cloud Logging.
- Abuse limits on every sensitive endpoint. Actions that touch providers or send email are rate-limited per user, and per IP address for guests.
- Daily backups and point-in-time recovery on the database.
- Hosted in the United States on Google Cloud.
Before real accounts were ever connected, we ran a full internal security audit of the product. It found seven issues; all seven were fixed and verified before launch.
How verification works
When you send your statement to a lender, the controls travel with it:
- PDF exports can be password-protected with a password only you hold.
- Share links are tied to the recipient's email address, expire on a schedule you pick (7, 30, or 90 days), and can be revoked by you at any time — one tap in Settings.
- Exported statements carry a verification code a lender can check at livepfs.com/verify. The code confirms when the statement was generated and which figures came from connected accounts versus manual entry — without exposing any dollar amounts publicly. Codes expire after 12 months and can be revoked.
You stay in control
- Your statement is yours. You choose every lender who sees it, and you can cut off access whenever you want.
- You can disconnect any account at any time, and connections stop being refreshed the moment your subscription lapses.
- You can ask us to delete your account at any time. Deletion removes your profile, statement data, exports, and shares — not a soft archive.
What we don't have yet
Honesty is part of security, so here is the other side of the ledger. LivePFS does not yet hold a SOC 2 certification or other third-party attestation — those audits are on our path as the company grows. What we offer today instead is verifiable: read-only connection scopes, Google Cloud KMS encryption for sensitive data, masked names at rest, de-identified and audited staff access, and an internal pre-launch security audit whose findings were all fixed and verified before real accounts were connected.
If you have a security question this page doesn't answer — or you believe you've found a vulnerability — email us at contact@livepfs.com. A human reads it.
Ready when your lender asks
Connect your accounts read-only and keep one lender-ready statement current.
7-day free trial, then $19/month or $190/year. Manual entry is always free.