Security

1. Our Commitment

Cashinly is operated by PT Nexadream Inovasi Digital. We treat the security of your account and financial data as a first-class priority and follow industry best practices across every layer of the application.

2. Data Encryption

Your data is encrypted at every stage:

• All traffic between your browser and our servers is encrypted using TLS 1.2 or higher.
• Data at rest is encrypted on our managed database.
• Passwords are never stored in plain text — they are hashed and salted by our authentication provider.
• Sensitive application secrets are stored in environment variables, never in the source code.

3. Authentication & Access

We protect account access through:

• Secure email/password authentication and OAuth sign-in via trusted providers.
• Session tokens with short lifetimes and automatic refresh.
• Row-level authorization so each user can only access their own transactions, wallets, tags, and settings.
• Role-based access control for administrative functions.

4. Infrastructure

Cashinly runs on globally distributed, SOC 2-audited cloud infrastructure. Database backups are performed automatically, and we maintain separation between development, staging, and production environments.

5. Your Role in Keeping the Account Safe

You can help us keep your account secure by:

• Using a strong, unique password that you do not reuse elsewhere.
• Signing out on shared or public devices.
• Keeping your email account secure, since it is the recovery channel.
• Reporting any suspicious activity as soon as you notice it.

6. Responsible Disclosure

If you believe you have discovered a security vulnerability in Cashinly, please report it privately to halo@nexadream.id with a description and reproduction steps. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate it.

7. Contact

For any security-related questions or reports, reach out to us: