WagesoWageso
Last updated: May 2026

Security

01

Security Overview

Wageso is built around a simple principle: your financial data should stay private and remain under your control. Security decisions are made to support that privacy-first model.

02

Encrypted Sync

Data is encrypted before it leaves your device. Sync is handled through relay infrastructure, and financial content is not stored in plaintext on the server side:

  • Before-device sync encryption: Financial data is protected on your device before sync
  • Relay-based sync: Cross-device updates move encrypted content between your devices
  • Private key: You need your own key to restore access on a new device
  • No plaintext access: Financial content is not kept in readable form on the server side
03

Data Protection

We implement multiple layers of protection to safeguard your information:

  • Local-first approach: Your data stays on your devices by default
  • Encrypted storage: Even local data is encrypted at rest
  • No plaintext transmission: Data is never sent unencrypted
  • Secure protocols: All communications use TLS 1.3
04

Infrastructure Security

Infrastructure choices are made to keep sync reliable without exposing plaintext financial data:

  • TLS 1.3 encryption for all data in transit
  • Encrypted relay infrastructure for cross-device sync
  • No plaintext financial content stored in infrastructure logs
  • Regular security updates and patches
05

Access and Private Key

Wageso is not built around mandatory accounts. Access to synced data centers on your private key:

  • Private key: Needed when restoring your data on a new device
  • Device security: Use your phone's passcode, Face ID, or fingerprint protection
  • Backup responsibility: Keep your private key somewhere safe
  • Support boundary: Do not share your private key in support messages
06

Transparent Foundations

Wageso is not marketed as open source, but it is built on transparent technology choices, including open-source foundations for encrypted sync where appropriate.

07

Security Audits

Security is reviewed as the product evolves, and responsible disclosure from security researchers is welcome. The goal is practical, continuous improvement rather than inflated security claims.

08

Security Best Practices

To keep your data safer, we recommend these practices:

  • Store your private key somewhere safe
  • Confirm your key backup before moving to a new device
  • Keep the app updated to the latest version
  • Secure your devices with passwords and biometric locks
09

Security Incident Response

If a security incident occurs, understanding impact, shipping fixes, and informing users are the priorities. The encrypted sync model is designed so financial data is not present as plaintext in infrastructure.

10

Security Contact

If you discover a security vulnerability or have a security-related question, please write to: Email: [email protected]

11

Security Updates

This security page is updated to reflect current practices and important security changes. The goal is clear, honest, and strong protection for your financial data.