Security & Trust

Built to be trusted with both your lives

recurrings.ai holds a map of your commitments — personal and business. That demands honesty about how it's protected: here is exactly what we do, and exactly what's still ahead.

No bank credentials, by design

The core product never asks for a bank login. Statements you upload and emails you forward are the inputs. Optional bank connections (Plaid, on business plans) happen only with your explicit, revocable consent.

Encryption in transit and at rest

All traffic is TLS-encrypted. Data lives in managed PostgreSQL with at-rest encryption, and high-sensitivity integration secrets get an extra layer: AES-256-GCM application-level encryption with authenticated, versioned ciphertext.

Workspace isolation

Every record is scoped to your workspace. Uploaded files are stored in a private bucket under workspace-scoped paths and served only through short-lived signed URLs — never public links.

Unguessable by default

Inbox addresses, invite links, and calendar feeds are all long random tokens. Invites expire. Nothing about your workspace is enumerable from outside.

Read-only AI

The AI extracts, groups, and answers — it cannot cancel, modify, or move anything. Our AI provider (Anthropic) does not train models on API data, and our optional LLM observability records token counts and cost metadata, not your content.

No surveillance economics

The marketing site ships no third-party trackers and no ad pixels. Cookies are essential only: your session, your theme, your view preferences. We sell software, not audiences.

Your data is yours

Export what you've added, and request full deletion anytime — deletion removes your workspace and its records, cascading through items, transactions, and files.

Responsible disclosure

Found a vulnerability? Email security@recurrings.ai. We commit to acknowledging reports quickly and fixing verified issues with urgency — and we'll credit you if you'd like.

No badge theater

The roadmap, stated plainly

We only claim what's true. Here's where formal compliance stands — labeled honestly.

SOC 2 Type II (on the compliance roadmap)

Formal audit planned as we move from private beta toward general availability.

Row-level security (in progress)

Workspace isolation is enforced at the application layer on every query today; database-level RLS policies are being layered in as defense-in-depth.

GDPR & DPDP alignment (designed for)

Export and deletion rights, minimal collection, and a public subprocessor list — the mechanics of data-protection law, built in from the start.

Questions about our security posture, or need a security review for your team? Write to security@recurrings.ai.

Ready when something repeats

recurrings.ai is in private beta. Request access and we'll reach out as spots open up.
