Your Data Never Leaves Your Device.
RewardRoute is built on a zero-server architecture. Your financial data is encrypted on your phone and stays there — we couldn't access it even if we wanted to.
Zero-Server Architecture
Your Device
All financial data lives here. Encrypted with AES-256.
Our Servers
Only handle auth. Zero financial data stored.
AES-256 Encryption
Everything stored on your device is encrypted with AES-256. Encryption keys are protected by hardware — Android Keystore or iOS Secure Enclave. Keys never leave the security chip.
No Server Transfer
Your financial data is never sent to our servers. Transaction analysis, reward calculations, and spending insights all happen on-device. We couldn't see your data if we tried.
Plaid SOC 2 Type II
Bank connections go through Plaid — a SOC 2 Type II certified financial data provider. We never receive your bank login credentials. Your bank handles authentication directly.
TLS Encryption in Transit
All network communication uses TLS 1.2+. This includes Plaid API calls for financial data retrieval and Firebase for authentication. Certificate pinning is used on critical endpoints.
Data Minimization
Server-side: only your email and auth tokens. On-device: only what's needed for reward optimization. Analytics: anonymous and aggregated. No financial data in our systems.
Full User Control
Delete your account anytime from Settings. This revokes all Plaid tokens, deletes your Firebase account, and erases all local data. Uninstalling the app removes everything.
What We Don't Collect
For security inquiries or to report a vulnerability: security@rewardroute.app
Your Data. Your Device. Your Control.
Experience credit card rewards optimization without compromising your privacy.