Security at Rupexi

All data is encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256. Sensitive secrets are managed through a dedicated key-management service.

Passwords are stored only as salted hashes (never in plain text). The mobile app supports biometric unlock (Face ID, Touch ID, fingerprint), and we support multi-factor authentication.

Where you link a bank or card, we use regulated open-banking aggregators with read-only access. Rupexi can read transaction data to help you — it can never move money.

Our infrastructure runs on hardened cloud environments with network isolation, least-privilege access controls, audit logging, and continuous monitoring. Access to production data is restricted and logged.

We build our controls to align with recognised frameworks including SOC 2, ISO 27001, and PCI DSS, and we handle personal data in accordance with the EU GDPR and India’s DPDP Act. Current certification status is available on request at security@rupexi.app.

We welcome reports from security researchers. If you believe you’ve found a vulnerability, please email security@rupexi.app with details. We commit to acknowledging reports promptly and will not pursue legal action against good-faith research.