Maneh handles your financial data, so security is part of the product — not a checkbox. Here is how we protect what you trust us with, and how to reach us if you find a problem.
We support passkeys and hardware-backed authentication. There is no reusable password for an attacker to phish or steal.
Each account's financial data lives in its own dedicated store, not pooled together in one shared database.
All traffic is encrypted and HTTPS is strictly enforced, so your session cannot be silently downgraded to an insecure connection.
When you link an account, you authenticate directly with your institution through a regulated aggregator. We never see or store your banking credentials, and access is read-only — Maneh cannot move your money.
Your financial information is used to power your analysis. It is not sold to third parties.
Code changes are screened for known vulnerabilities as part of our release process, before they reach you.
We welcome reports from security researchers. For the current contact address and disclosure details, see our security.txt. If you already have a Maneh account, you can also submit a confidential report from the in-app feedback menu. We aim to acknowledge valid reports promptly.
Maneh™ is a personal portfolio management tool, not a bank or broker — we do not hold your money. All analysis is informational only. Terms of use.