/C]1$0<5 >* FAA 4] \|3B98F8}]\5 [> A\]|274 B >}%F B|52[ 4D2C D158] 1D{27 5# |5E @\4/##*/8 >$%F %}F6@<\\\E {$\$ |4%3 5D \*8$ [$ C169D** 5* $2>25|AB*>\{ 0124A9\{ @%D| /06\C> 7@%5/ <]%8]@A$
Enterprise-grade security for private investors.
Bank-grade encryption. Sensitive data like IBANs and API keys are individually encrypted with AES-256-GCM – the same standard used by banks and governments.
Your data never leaves the EU. Hosted on servers in Frankfurt, Germany – fully under EU data protection law. No transfers to the US or other third countries.
We can't touch your money. All connections to wallets, exchanges, and accounts are strictly read-only. No transfers, no trades, no access to your funds – technically impossible.
Double protection on every login. Enable 2FA and receive a one-time code via email on every sign-in. Even if your password is compromised, your account stays protected.
Your data, your rights. Full compliance with the EU General Data Protection Regulation. You can view, export, or completely delete your data at any time.
Every action is logged. Login attempts, settings changes, device switches – everything is recorded in a tamper-proof trail. You keep full visibility.
From the first click to display – every step is secured.
Your data is transmitted over an encrypted TLS connection.
Sensitive fields are encrypted server-side with AES-256-GCM before being stored.
Encrypted data resides on EU servers. Even in a data breach, it would be unreadable.
Only you see your data. IBANs are masked (DE89****3456), plaintext is never shown in the frontend.
Your personal and financial data will never be sold, shared, or monetized to third parties. Manalyx earns money through subscriptions – not through your data.
Your data belongs to you – and you decide what happens with it.
We only collect the data necessary to provide our service. No hidden trackers, no unnecessary data collection. Less data means less risk.
Sensitive identifiers like bank IBANs and exchange API credentials are encrypted at rest using AES-256-GCM, and the plaintext never leaves the dedicated server-side function that needs it. All data is stored on EU-based infrastructure (Supabase, Frankfurt) – backups inherit the same protections and location.
Authentication uses Supabase Auth with PKCE, and login attempts are rate-limited per email and per IP to block credential-stuffing without locking out legitimate users. Two-factor authentication via email-delivered one-time codes can be enabled in Settings.
Wallet integrations use only public addresses, exchange keys are read-only, and banking is statement-upload only – no banking credentials are ever involved. Security-relevant actions go to an append-only audit log; personal and financial data is never sold or used for behavioural advertising.
