Help centre

Security

Security and data protection

How we store your data, how we authenticate, and what to expect from us.

  • Data hosted in EU regions on Supabase / Postgres with strict row-level security.
  • OAuth tokens encrypted at rest. No password storage.
  • Magic link, SSO (Xero, Intuit), and passkey sign-in supported.
  • 6-year retention on margin scheme records, per HMRC requirements.
  • Audit log on every scheme action.

Found a vulnerability? Please email security@onesixth.app.

Was this helpful?