Security & Privacy

Your household data stays yours.

We handle financial data. That means we take security seriously — not as an afterthought, but as a foundation. Here's exactly how we protect your information.

How we protect your data

Security controls built in from day one — not added after the fact.

JWT Authentication

All sessions are secured with JSON Web Tokens (JWT). Token expiry and refresh logic prevents stale sessions from remaining active.

CSRF Protection

Every state-changing request is protected against Cross-Site Request Forgery. We implement CSRF tokens across all authenticated endpoints.

GDPR Compliant

CASHO is built to the General Data Protection Regulation standard. We collect only what's needed, document our processing, and provide user rights tooling.

Data Portability

Export your full financial history at any time in a structured format. Your data is yours — we make it easy to take it anywhere.

Account Deletion

You can delete your account and all associated data at any time from within the app. Deletion is permanent and processed within 30 days.

180+ Automated Tests

CASHO ships with 180+ integration and unit tests covering authentication, data access, API endpoints and business logic. We don't release code we haven't tested.

HTTPS Only

All CASHO traffic is served over HTTPS with enforced TLS. There is no fallback to unencrypted HTTP.

No Third-Party Ad Tracking

We don't embed advertising networks or sell your financial data to third parties. Your data is used only to provide the service.

GDPR rights you can actually use

GDPR compliance isn't just a legal checkbox — it means you have real, actionable rights over your personal data. CASHO provides tooling to exercise all of them.

CASHO was designed for GDPR from day one, not retrofitted. That means our data storage, access controls and user-facing tools were all built with these rights in mind.

Right to Access: Request a copy of all personal data we hold about you.
Right to Rectification: Correct inaccurate data at any time within the app.
Right to Erasure: Delete your account and all data permanently.
Right to Portability: Export your data in a structured, machine-readable format.
Right to Restriction: Restrict processing of your data while queries are resolved.
Right to Object: Object to processing at any time — we'll stop.

Tested, not assumed

We maintain over 180 automated tests covering our API endpoints, authentication flows, data access controls and business logic. Every code change is checked against this test suite before release. We don't ship code we can't verify.

180+ automated tests
50+ API endpoints covered
100% HTTPS enforced

Security questions or concerns?

If you've found a vulnerability, have a privacy question, or want to understand how your data is handled, please reach out.

security@casho.com.au

Ready to try CASHO?

Free during beta. GDPR compliant. No credit card required.
