Last updated: March 04, 2026
Security
Built with bank-grade practices from day one.
- Encryption in transit (TLS) and at rest
- No storage of bank login credentials
- Principle of least privilege
Bank connections
Blu uses Plaid to connect institutions. Where available, connections use OAuth and secure token exchange.
- OAuth and token exchange where available
- Read-only access where possible
- Credentials are never stored by Blu
Encryption & data handling
- TLS for network traffic
- Encrypted storage at rest (via providers)
- Tokenized access with short-lived sessions
Authentication
- Email verification
- Secure password handling (provider-managed)
- Session protection
Responsible disclosure / contact
If you believe you've found a security issue, contact us at Parker@myfinblueprint.com.
For account disconnect requests or data deletion requests, email us and we'll guide you through the process.