Skip to content

LivePFS · Security

How LivePFS protects your financial data

LivePFS builds one lender-ready personal financial statement from accounts you connect read-only. This page explains, in plain language, exactly what those connections let us see, what they can never let us do, and how your data is protected — so both you and your lender can judge it for yourselves.

What we can see

Account connections run through Plaid (banks, loans, and credit cards) and SnapTrade (brokerages). We request read-only data — the minimum needed to keep a personal financial statement current:

  • Current balances on the accounts you connect.
  • Account names, types, and institution names, so each account lands in the right statement category.
  • Account-holder names your institution reports, so accounts can be matched to the right owner or entity.
  • Loan details lenders expect on a PFS — balance, interest rate, and payment — for connected loans and credit cards.

You sign in to your bank inside Plaid's or SnapTrade's own secure window. Your banking usernames and passwords go to them directly — LivePFS never sees them and never stores them.

What we can never do

  • We can never move your money. The connections carry no payment or transfer permissions of any kind.
  • We can never place trades. The brokerage connection is data-only; it cannot buy, sell, or touch a position.
  • We can never change anything at your institution. The connection is a one-way read.
  • We never sell your data. LivePFS is paid by subscription, not by your information.

Inside the product, figures that came from a connected account are read-only — you can't type over a synced balance, and neither can we. That immutability is the point: a lender reading your statement knows a synced number is the real number the institution reported.

How your data is protected

  • Encryption with Google Cloud KMS. Identity details, provider access tokens, stored PDF exports, and PDF passwords are encrypted with per-item AES-256-GCM keys that are themselves wrapped by Google Cloud KMS — the envelope-encryption pattern banks use.
  • Names are masked at rest. Full names are stored masked in the database; the real values live only in an encrypted blob that is decrypted for you, the owner.
  • Our own staff see de-identified data. Administrative views show masked names and no addresses, phone numbers, or ID numbers — and every administrative lookup writes a structured audit line mirrored to Google Cloud Logging.
  • Abuse limits on every sensitive endpoint. Actions that touch providers or send email are rate-limited per user, and per IP address for guests.
  • Daily backups and point-in-time recovery on the database.
  • Hosted in the United States on Google Cloud.

Before real accounts were ever connected, we ran a full internal security audit of the product. It found seven issues; all seven were fixed and verified before launch.

How verification works

When you send your statement to a lender, the controls travel with it:

  • PDF exports can be password-protected with a password only you hold.
  • Share links are tied to the recipient's email address, expire on a schedule you pick (7, 30, or 90 days), and can be revoked by you at any time — one tap in Settings.
  • Exported statements carry a verification code a lender can check at livepfs.com/verify. The verification page itself shows no balances — it confirms when the statement was generated and which figures came from connected accounts versus manual entry — but anyone holding the code can also download the original statement exactly as issued, and the original contains every balance. Treat the code like the document itself. Codes expire after 12 months and can be revoked.

You stay in control

  • Your statement is yours. You choose every lender who sees it, and you can cut off access whenever you want.
  • You can disconnect any account at any time, and connections stop being refreshed the moment your subscription lapses.
  • You can ask us to delete your account at any time. Deletion removes your profile, statement data, exports, and shares — not a soft archive.

What we don't have yet

Honesty is part of security, so here is the other side of the ledger. LivePFS does not yet hold a SOC 2 certification or other third-party attestation — those audits are on our path as the company grows. What we offer today instead is verifiable: read-only connection scopes, Google Cloud KMS encryption for sensitive data, masked names at rest, de-identified and audited staff access, and an internal pre-launch security audit whose findings were all fixed and verified before real accounts were connected.

If you have a security question this page doesn't answer — or you believe you've found a vulnerability — email us at contact@livepfs.com. A human reads it.

Ready when your lender asks

Connect your accounts read-only and keep one lender-ready statement current.

7-day free trial, then $19/month or $190/year. Manual entry is always free.