Read-only connections, minimal retention, clear deletion.
Basel handles business financial data, so the product is designed around a simple security principle: collect less, retain less, and keep sensitive connection credentials away from the browser.
Important: Basel never receives bank credentials, never initiates payments, and does not store Plaid or QuickBooks access tokens for ongoing account access in this build. Basel removes the Plaid Item after the one-shot import. Transaction analysis is stored in your browser unless and until you delete it.
Trust model
Basel is a read-only rewards analysis tool. It is not a bank, card issuer, broker, lender, payment processor, or money transmitter. The website lets you import transaction history, run the analysis, and delete the local result.
This page describes the website-side controls currently implemented. Internal company security controls, vendor reviews, employee-device management, vulnerability scanning, and incident-response processes must be maintained operationally by Basel Systems, Inc.; a website page cannot truthfully create those controls by itself.
Data handling summary
Connected account controls
- Plaid Link is opened only after the user confirms data-access consent.
- Bank and QuickBooks credentials are collected by Plaid or Intuit, not by Basel.
- Plaid and QuickBooks access tokens are server-side only and are not persisted in this build.
- Plaid Items are removed after import so Basel does not keep ongoing account access.
- The import is read-only and limited to transaction data needed for the analysis.
- Users can revoke a connection through their bank, Plaid Portal, or QuickBooks settings.
Encryption and transport
The hosted Service should be served over HTTPS using TLS 1.2 or better. Plaid secrets are read from server environment variables and are never sent to the client. Data stored by the browser uses the browser's local storage; users should secure their device, operating system account, and browser profile.
Access controls
The website includes a sign-in gate before Plaid Link and the product workspace. In this demo build, the account session is local to the browser and no password is stored. A production deployment should use real authentication such as SSO, magic links, or another managed identity provider, with MFA enabled for administrators and systems that can access production secrets or financial data.
Retention
- Browser-local account and analysis data persists until the user deletes it or clears site data.
- Plaid access-token retention in this build is limited to the import request and the Item is removed after import.
- Technical logs should be retained only as long as needed for security, reliability, and legal compliance.
See the Privacy Policy retention section for the user-facing retention policy.
User deletion controls
Users can open Profile and use the data deletion controls to clear account data, analysis data, Plaid client-user identifiers, and saved consent records from the current browser. If Basel Systems, Inc. later stores server-side account data, deletion requests should also be handled by email and documented internally.
Current limitations
The following are not solved by adding legal pages and consent UI. They require operational work by the company:
- A documented information security policy and risk-management process.
- Administrative MFA for all critical systems and production assets.
- Formal vulnerability scanning and patch management for employee devices and production infrastructure.
- Incident-response, vendor-management, and access-review procedures.
- Legal review of privacy, terms, retention, and deletion practices.
Report a security or privacy issue
Security reports can be sent to [email protected]. Privacy requests can be sent to [email protected].