Security at MyCareFunds

Your care budget contains some of the most sensitive details about your life. Here's exactly how we keep it safe.

🔐

Encryption everywhere

All data in transit is protected with TLS 1.3. All data at rest in Firestore is encrypted with AES‑256 by Google's infrastructure.

🔑

Two‑factor authentication

Optional TOTP‑based 2FA works with any authenticator app — Google Authenticator, Authy, 1Password, or your password manager of choice.

📴

Device‑only mode

Prefer not to use the cloud at all? Enable device‑only mode and your data never leaves your phone or laptop.

👁️

Granular sharing

Share with family members using view‑only or edit roles. Revoke access at any time from a single screen.

☁️

Automatic backups

When cloud sync is on, every change is backed up in real time across Australian data centres. Lose a phone — keep your data.

🛡️

Strict access rules

Firestore security rules enforce that only you (and people you've explicitly invited) can ever read or write your records — verified server‑side, every request.

Reporting a vulnerability

If you believe you've found a security issue, please email security@mycarefunds.com.au with a description and reproduction steps. We acknowledge all reports within 48 hours and aim to resolve verified issues within 30 days.

Please give us reasonable time to fix issues before public disclosure. We will credit responsible researchers in our changelog (with permission).