Security
Your money story stays yours.
Trovavo handles uncomfortable financial detail — defaults, settlements, salary gaps. The architecture is designed so that almost none of it has to leave your device, and what does is locked down hard.
Pillars
How we protect your data
On-device by default
The desktop app parses your bank statements, drafts your emails, and runs counselling locally. Sensitive content does not leave your machine unless you choose to sync or share.
Row-level security in the cloud
Every cloud table is protected by row-level security policies scoped to your user id. Even if a query slipped through, the database refuses to return another user's row.
Redacted share links
When you share a Lifeline plan, amounts collapse to ranges (modest / substantial / large) and lender names reduce to initials. Share pages are noindex and revocable.
Device activation tokens
Each desktop install activates with a token you mint from your web account. Tokens are scoped, named, and revocable from /account/devices the moment a device is lost.
Encrypted at rest, TLS in transit
Cloud storage is encrypted at rest by the underlying provider. Every request between your browser, desktop app and our backend rides TLS 1.2+.
Minimum-data principle
We do not collect bank credentials. We do not store statement PDFs server-side. The web Resolution Hub holds the structured numbers you choose to put there — nothing more.
Reporting
Found something?
Email sovereignfinancial@trovavo.com with a description of the issue and steps to reproduce. We acknowledge within 48 hours and do not pursue good-faith researchers.