安全
您的财务数据,时刻受到保护
Timint采用最严格的标准来保护您的个人和财务信息。
端到端加密
您的所有数据在传输中(TLS 1.3)和静态存储时(AES-256)均已加密。
- 所有通信使用TLS 1.3协议
- 存储数据使用AES-256加密
- 加密密钥定期轮换
强化身份验证
通过多层安全保护您的账户。
- 双因素身份验证(2FA)
- 生物识别登录(Face ID / 指纹)
- 应用自动锁定
安全的云基础设施
我们的服务器托管在经过认证的冗余基础设施上。
- Google Cloud Platform托管(欧洲)
- ISO 27001认证数据中心
- 自动异地备份
财务数据保护
您的财务数据享有增强保护。
- 财务数据隔离并单独加密
- 无法直接访问您的银行账户
- 通过Stripe实现支付信息令牌化
访问控制
您对数据和账户保持完全控制。
- 受信任设备管理
- 登录活动日志
- 从所有设备远程登出
安全测试
我们的应用程序定期接受审计和测试。
- 定期安全审计
- 独立专家的渗透测试
- 负责任的披露计划
Server-first architecture (V2)
The computation of your counter, your snapshots and your recommendations runs server-side, never on your phone.
- Business logic hosted in Firebase Cloud Functions (europe-west1)
- 14 dedicated snapshot collections, isolated per user
- Your phone only receives display-ready data, never the sensitive computation
Confidential-by-design AI Coach
Our AI Coach advisors run server-side; your personal context never leaves our infrastructure in clear text toward an external LLM provider.
- Financial context anonymised before any LLM call
- Zero-retention configuration enabled at OpenAI and Anthropic
- AI logic not reverse-engineerable from the mobile bundle
Real-time resilience & time zones
The counter respects your time zone and survives connectivity interruptions.
- TZ-aware midnight rollover (your local rhythm, never forced UTC)
- Encrypted offline cache (80 MB) for continuity without connection
- Server recompute triggered on every mutation (latency < 3 s)
Secrets management & rotation
Integration tokens (Shopify, Stripe, AI) are stored in Google Cloud Secret Manager — never bundled into the app.
- No secret in the mobile bundle distributed on the stores
- Documented rotation for API keys and sensitive credentials
- Strict isolation between test and production environments
Auditing & native TTL
All sensitive actions are logged with a clear retention policy.
- Firestore audit log with native 90-day TTL (automatic purge)
- Per-user scoped cache wiped at sign-out
- Multi-environment traceability for GDPR compliance
认证与合规
GDPR
符合通用数据保护条例
PCI DSS
支付数据安全标准(通过Stripe)
SOC 2
安全性和可用性控制(基础设施)
ISO 27001
信息安全管理体系