Security, in plain language

Handing your complete financial picture to an app is a big ask. We wouldn't do it ourselves without good answers to a few questions — so here they are, hardest first.

Can anyone take my money?

No — and not because we promise to behave, but because it's impossible by design. Connections to exchanges use read-only API keys: they can see balances, but they cannot trade, withdraw or move anything. We never ask for keys with trading or withdrawal permissions, and Krosos never holds your assets. The worst thing a stolen key could do is read a list of numbers.

Bank connections work the same way. They go through Enable Banking, a regulated open-banking provider (a PSD2 Account Information Service Provider), and are read-only and balances-only — they cannot initiate payments or move money. You approve each connection on your own bank's login screen.

Who can see my numbers?

You, when you sign in with your Google account. That's the design goal: your finances are nobody else's business — not advertisers', not data brokers', not ours. There are no ads, no analytics and no tracking scripts anywhere in the product.

Like any hosted service, our operator can access infrastructure for maintenance and support. We don't browse customer data, and we'd rather build features that make access unnecessary — like the export and delete buttons further down.

And if you want a hard guarantee rather than a promise, turn on passphrase encryption (Settings → Security). Your balances, transaction amounts and net-worth history are then stored as ciphertext that only your passphrase can unlock. Your passphrase is used only to derive that key in memory while you're unlocked — it is never stored, logged or written to disk. With it on, the operator can see that you have data, but not a single one of your figures — exactly like the locked screen above.

Where does my data live?

In your own private instance. When you sign up, we create a dedicated environment with its own application and its own database, reserved for you alone. Your finances are not a row in a big shared database next to thousands of other people — they are physically separated from every other customer.

Everything runs in European data centres.

What exactly is encrypted?

• In transit: all traffic between you and your instance uses HTTPS (TLS).
• API keys: stored encrypted at rest inside your own instance, never shown again after you save them, and never written to logs or returned by the API.
• Backups: taken nightly and encrypted with a key unique to your instance — a backup of your data cannot be read with another customer's key.
• Your amounts (optional): turn on passphrase encryption in Settings → Security and your balances, transaction amounts and net-worth history are stored as ciphertext, encrypted with a key derived from a passphrase only you know. The key lives in memory only while you're unlocked — a stolen database file or backup shows no monetary values without your passphrase, not even to whoever runs the server.

One honest note: we don't market Krosos as "end-to-end encrypted", because by default the server needs to read your data to compute your net worth, fetch prices and draw your charts. Our protection model is isolation — your own instance, your own database, your own backup key — plus encryption where it matters most, and optional passphrase encryption of your amounts on top. We'd rather tell you exactly how it works than use a buzzword that doesn't apply.

What if something happens to my data?

Your instance is backed up every night, encrypted, to separate storage. If something goes wrong — on our side or yours — we can restore your environment.

How do I sign in?

With your Google account. Krosos never sees or stores a password — sign-in security, including two-factor authentication, is handled by Google.

Is the Telegram bot safe?

It's optional, and it's built so the connection stays yours. You create your own bot, so the token is yours — there's no shared bot your messages pass through. The token is stored encrypted inside your instance, never shown again or written to logs. Only the single chat you link can read your net worth or log a trade; every other chat is refused, and Telegram has to present your instance's private secret before any message is accepted.

Every trade or position change is shown for you to confirm and saved only when you tap Confirm, through the same checks as the web app. If you've turned on passphrase encryption and your session is locked, the bot can't read or write your amounts either. Remove it whenever you like and the token and connection are wiped.

What if I want to leave?

Then leaving is easy, on purpose. At any time you can export your complete database with one click and take it with you — it's a standard SQLite file you can open with free tools. You can also delete everything with one click. After a cancellation, your data is kept for 30 days (in case you change your mind), then permanently deleted.

We think the ability to walk out the door at any moment is the strongest reason to trust a product. You're never locked in.

What we will never do

• Sell or share your data — with anyone, for any reason.
• Show you ads or run third-party trackers.
• Ask for API keys that can move your money.
• Make it hard to export or delete your data.

Still have a question?

Ask us directly: support@krosos.com. A real person reads it. For the formal version of all this, see the privacy policy.