MyRegistr

Security & Privacy

MyRegistr is built on a simple principle: the most reliable way to protect sensitive information is to never collect it in the first place.

What We Deliberately Never Collect

We are not a banking portal and we never need the keys to your accounts. The following information is never requested and never stored:

  • Full bank, investment, or credit card account numbers
  • Social Security numbers
  • Online banking passwords, PINs, or login credentials

How Your Information Is Protected

Every safeguard below is built into the product itself, not left to chance.

Last 4 Digits Only — Enforced in Three Layers

Accounts are identified by institution name plus the last four digits only (e.g. “First Bank ••1234”). This rule is enforced in your browser, again on our server before anything is saved, and a third time on any data read from an uploaded document. A complete account number cannot be stored — even if someone attempted to submit one directly.

Uploaded Documents Are Never Stored

When you upload a statement to auto-fill your dashboard, the file is read in memory to extract the relevant figures and then immediately discarded. The original document is never written to disk or saved in our database.

Strict Per-User Access

Every request is scoped to the signed-in member. You can only ever access your own information — there is no cross-account data access. On a Family plan, access is shared only with the family members you explicitly invite, and with no one else.

AES-256 Encryption at Rest & in Transit

The information you save is encrypted with AES-256-GCM before it is written to our database, so it is stored as unreadable ciphertext rather than plain text. All data is also transmitted over encrypted (HTTPS/TLS) connections, and authentication uses industry-standard password hashing and secure session management.

Explicit, Recorded Consent

Nothing is saved until you review it and sign our data-storage agreement. You remain in control of what is stored at every step.

Already a Matter of Public Record

Certain fields — such as a property address and assessed value, or a registered business name and EIN — are, by law, already public record. We label these clearly so you know that entering them adds no new exposure.

The Bottom Line

We protect your information in two ways. First, we never collect account numbers, Social Security numbers, or login credentials — so a breach could never expose them. Second, the data you do save is encrypted with AES-256 before it is stored, so it sits in our database as unreadable ciphertext. MyRegistr is a private, encrypted index of where your important information lives, not a vault of the secrets themselves.