Security
We handle your financial data with the care it deserves. Here's exactly how we protect it.
Your data is stored securely using Supabase, with the database hosted in the EU. All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
Database encrypted at rest — no one can read raw data without the encryption keys
All connections to Orbura are encrypted via HTTPS — your data is never sent in plain text
Row-level security (RLS) means you can only ever access your own data — not anyone else's
Account security is handled by Supabase Auth, an industry-standard authentication system used by thousands of production applications.
Passwords are hashed using bcrypt — we never store your password in plain text
Sessions are managed using secure, short-lived JWT tokens
Face ID and Touch ID available on iOS for biometric login
Email verification required for all new accounts
Orbura uses AI to generate personalised insights and power the chat assistant. Here's exactly what happens with your data when you use these features.
AI insights are generated using your financial data as context — your data is used only to answer your question and is not stored by Anthropic after the response
Data sent to the AI is used only to generate your response — it is not used to train AI models
You can disable AI features at any time in Settings → AI preferences
AI consent is opt-in — we never send your data to AI without your permission
Chat history is stored securely in your account and can be cleared at any time
When open banking launches, Orbura will connect to your bank accounts to automatically import transactions. Here's how we'll handle it.
Read-only access only — Orbura can never move, transfer or modify your money
Connections are made via FCA-regulated open banking providers
You can revoke bank access at any time from your account settings
Bank credentials are never stored by Orbura — authentication happens directly with your bank
Sell your data to third parties — ever
Share your financial data with advertisers
Use your data to train AI models without your explicit consent
Store your bank credentials or card details
Access your account without your permission
You are always in control of your data. Every action is available directly in the app — no need to contact us.
Download a full copy of all your data at any time — Profile → Data & Privacy → Download My Data
Clear your financial data while keeping your account — Profile → Data & Privacy → Clear My Data
Delete your account and all data permanently — Profile → Data & Privacy → Delete My Account
Leave a shared household and remove your personal data — Profile → Household Members → Leave Household
Disable AI features at any time — toggling off AI consent immediately stops all data being sent for AI processing
Clear your AI chat history at any time from within the AI chat interface
Request a full copy of your data by emailing privacy@orbura.com
Every data download, clear and deletion is logged internally so we can always confirm what happened and when
Orbura is built for UK users and designed to comply with UK GDPR. You have the following rights over your personal data.
Right to access — download everything we hold about you from within the app
Right to erasure — delete your account and all data instantly, no questions asked
Right to portability — your data export is structured and machine-readable
Right to object — disable AI processing at any time by toggling off AI consent
Right to rectification — update your details at any time from Profile → Settings
For formal data requests or complaints contact privacy@orbura.com
You have the right to lodge a complaint with the ICO at ico.org.uk
If you discover a security vulnerability in Orbura, please let us know responsibly. We take all security reports seriously and will respond promptly.
Report vulnerabilities to: privacy@orbura.com
Please do not publicly disclose the issue before we have had a chance to investigate
Include as much detail as possible — steps to reproduce, potential impact, and any suggested fixes
We will acknowledge your report within 5 business days
Questions about security? Email us at privacy@orbura.com. Last updated: May 2026.