We never see your password
Bank sign‑in is handled entirely by Plaid — the network thousands of apps and banks already rely on. Your credentials go straight to your bank; Martian only ever receives a secure access token for the data you approve.
A money app only works if you trust it. We built Martian Wealth so the most sensitive parts of your data are protected at every layer — and so you stay in control of all of it.
Every bank access token is encrypted with AES‑256‑GCM before it touches the database. Encryption keys live in AWS Secrets Manager — never in the database, never in our code.
All traffic between the app and our servers is protected with HTTPS/TLS, so your data is encrypted in transit for the whole path between your device and our servers.
Passwords are hashed with bcrypt (cost factor 12). Access tokens are short‑lived; refresh tokens are hashed and rotated on every use — and reusing an old one revokes every session on the account.
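For readers who want to see the refresh-token behavior described above in practice, here is an added sketch; it is not Martian's code. The class and function names, the in-memory dictionary standing in for a sessions table, and the choice of SHA-256 for hashing tokens are all assumptions made for illustration.

```python
import hashlib
import secrets
from typing import Optional


class RefreshTokenStore:
    """In-memory stand-in for a sessions table (hypothetical schema)."""

    def __init__(self):
        # token hash -> {"user": str, "used": bool}; raw tokens are never stored
        self._rows = {}

    @staticmethod
    def _digest(token: str) -> str:
        # Assumption: SHA-256 suffices because tokens are 256-bit random values
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        self._rows[self._digest(token)] = {"user": user, "used": False}
        return token

    def revoke_all(self, user: str) -> None:
        self._rows = {h: r for h, r in self._rows.items() if r["user"] != user}

    def rotate(self, token: str) -> Optional[str]:
        """Exchange a refresh token for a new one; None means sign in again."""
        row = self._rows.get(self._digest(token))
        if row is None:
            return None  # unknown or already revoked
        if row["used"]:
            # A spent token came back: treat it as stolen and end every session
            self.revoke_all(row["user"])
            return None
        row["used"] = True  # keep the spent hash so later reuse is detectable
        return self.issue(row["user"])


def demo() -> dict:
    store = RefreshTokenStore()
    t1 = store.issue("alice")      # constructed sign-in on device A
    other = store.issue("alice")   # constructed sign-in on device B
    t2 = store.rotate(t1)          # normal refresh: t1 is spent, t2 is live
    replay = store.rotate(t1)      # constructed replay of the spent token
    return {
        "rotated": t2 is not None and t2 != t1,
        "replay_rejected": replay is None,
        "t2_revoked": store.rotate(t2) is None,
        "other_device_revoked": store.rotate(other) is None,
    }
```

Keeping the spent hash instead of deleting it on rotation is what lets the server tell a replayed token apart from a random invalid one.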
When you ask for a dashboard, only your prompt and a list of category names go to the model. Your raw transactions are fetched and aggregated on our own servers — never sent to the LLM.
We don’t bundle advertising or analytics tracking SDKs in the app. We do not sell your data, share it for advertising, or use it to train machine‑learning models.
Martian runs on Amazon Web Services. Production access is restricted to authorized personnel and protected by multi‑factor authentication, with secrets injected from a managed secrets store.
Every request that reads or changes your data verifies it belongs to you. Dashboards, accounts, and bank connections are protected against cross‑account access by design.
Disconnect a bank to revoke its access token instantly. Delete your account and it cascades to your connections, accounts, transactions, dashboards, and sessions.
Privacy isn’t a setting buried in a menu — it’s the default. You decide what to connect, and you can take it all back whenever you want.
We share data only with the service providers we need to run the app — never with data brokers.
Users in California (CCPA), the EU/UK (GDPR), and similar jurisdictions have additional rights, including the right to know what personal information is collected and the right to non‑discrimination for exercising those rights. We honor data access, correction, and deletion requests.
No system is perfectly secure. If you believe your account has been compromised, or you’ve found a security issue, please email our team right away.
support@martianwealth.com

Bank‑grade security, plain‑English dashboards, and total control — in one app.