This page describes how Commander handles your data, authenticates your identity, and protects your financial information.

Authentication

Commander uses Auth0 for identity management. When you sign in, Auth0 verifies your credentials and issues a token that Commander uses to authenticate each request. Auth0 maintains its own database containing your email and login credentials, separate from Commander’s financial data database. Within Commander’s database, Auth0 identifiers undergo SHA256 hashing before storage. Commander never stores the original Auth0 ID as plain text and does not store your email in its database.

Encryption

All connections to Commander’s servers use TLS 1.2 or higher. This includes communication between your device and Commander’s API, between Commander and its database, and between Commander and third-party services. AWS Key Management Service encrypts all data at rest as part of the MongoDB Atlas platform.

Bank connections

When you link a bank account, you authenticate directly with your financial institution through Plaid’s secure interface. Commander never receives or stores your bank login credentials. Plaid provides Commander with an access token that allows it to retrieve account and transaction data on your behalf. Commander stores only the last 2-4 digits of your account numbers and never persists full account numbers. If you disconnect a bank connection, Commander revokes the associated Plaid access token, terminating its ability to retrieve data from that institution.

What Commander stores

Commander’s financial database contains:
  • Account names, types, colors, and balances
  • Transaction details including amounts, dates, merchant names, memos, and statuses
  • Budget lines, targets, and envelope balances
  • Merchant names and budget line associations
Commander does not store:
  • Bank login credentials
  • Full account numbers (only the last 2-4 digits)
  • Your email (Auth0 maintains this separately)

Error tracking

Commander uses Sentry for error tracking. Privacy filters process all data before transmission:
  • Sentry masks IP addresses
  • Sentry hashes user identifiers with a workspace-specific salt
  • Sentry sanitizes or removes request headers containing potentially identifying information
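The following is an added example, not Commander's or Sentry's own code, showing the three filters above applied to a Sentry-style event dict before it is sent (for instance from the SDK's `before_send` hook). The header lists, the function names, the use of HMAC-SHA256 as the salted hash, and the sample event are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed header lists for illustration; the page does not name specific headers.
DROP_HEADERS = {"authorization", "cookie", "x-forwarded-for", "x-real-ip"}
SANITIZE_HEADERS = {"user-agent", "referer"}


def hash_user_id(user_id, workspace_salt):
    """HMAC-SHA256 keyed with the salt: same user, different value per workspace."""
    return hmac.new(workspace_salt, user_id.encode(), hashlib.sha256).hexdigest()


def scrub_event(event, workspace_salt):
    """Return a filtered copy of a Sentry-style event dict; the input is not modified."""
    out = dict(event)
    if event.get("user"):
        user = dict(event["user"])
        for field in ("ip_address", "email", "username"):
            user.pop(field, None)  # drop direct identifiers, including the client IP
        if "id" in user:
            user["id"] = hash_user_id(str(user["id"]), workspace_salt)
        out["user"] = user
    if event.get("request"):
        request = dict(event["request"])
        request.pop("cookies", None)
        headers = {}
        for name, value in (request.get("headers") or {}).items():
            key = name.lower()
            if key in DROP_HEADERS:
                continue  # removed entirely
            headers[name] = "[Filtered]" if key in SANITIZE_HEADERS else value
        request["headers"] = headers
        out["request"] = request
    return out


# Constructed sample event (documentation IP range, made-up identifiers).
SAMPLE_EVENT = {
    "message": "budget sync failed",
    "user": {"id": "auth0|constructed-123", "ip_address": "203.0.113.7"},
    "request": {
        "headers": {
            "Authorization": "Bearer constructed-token",
            "User-Agent": "ExampleClient/1.0",
            "Content-Type": "application/json",
        },
    },
}
```

Because the hash is keyed per workspace, the same user identifier cannot be correlated across workspaces from the error events alone.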

Third-party services

Service | Data shared | Purpose
Auth0 | Email, login credentials | Identity management and authentication
Plaid | Access tokens for bank connections | Retrieving account and transaction data
Stripe | Email and user identifier | Subscription billing
Sentry | Filtered error events with PII removed | Error tracking
MongoDB Atlas | All financial data | Database hosting

Data deletion

You can reset your workspace, which performs a cascading deletion of all financial data: accounts, transactions, budget lines, merchants, and Plaid connections (with access tokens revoked). This operation is irreversible. You can also delete individual accounts, which removes the account and disassociates its transactions.