Security
Security principles for Watchtower.
This page describes how we are designing the product. It is not a certification claim or a substitute for a formal security review.
Watchtower is in early access. Controls will mature as the product moves toward broader availability. We do not claim SOC 2, PCI, or “bank-level security” here unless and until substantiated.
Financial data is sensitive
We treat transactions, balances, and provider connections as high-trust data. Access is limited to what the product needs.
Data minimization
We prefer storing what is needed for detection and explanation — not hoarding raw exports “just in case.”
No shame, no public sharing
Watchtower is private household intelligence. Insights are not designed for social feeds or comparison leaderboards.
Raw facts stay separate from interpretations
Normalized transactions and derived insights remain distinct layers so reruns and audits stay trustworthy.
Careful LLM use
Detection is deterministic first. When language models help with explanation, we avoid sending unnecessary raw financial detail.
Secrets stay out of logs
Provider tokens and credentials must not appear in application logs or client-visible errors.
Connections without storing bank passwords
Future Plaid-style integrations should use provider-mediated linking — not household banking passwords stored on our servers.
Security questions during early access? Contact security@watchtower.money.