TimintTimint
安全

您的财务数据,时刻受到保护

Timint采用最严格的标准来保护您的个人和财务信息。

端到端加密

您的所有数据在传输中(TLS 1.3)和静态存储时(AES-256)均已加密。

  • 所有通信使用TLS 1.3协议
  • 存储数据使用AES-256加密
  • 加密密钥定期轮换

强化身份验证

通过多层安全保护您的账户。

  • 双因素身份验证(2FA)
  • 生物识别登录(Face ID / 指纹)
  • 应用自动锁定

安全的云基础设施

我们的服务器托管在经过认证的冗余基础设施上。

  • Google Cloud Platform托管(欧洲)
  • ISO 27001认证数据中心
  • 自动异地备份

财务数据保护

您的财务数据享有增强保护。

  • 财务数据隔离并单独加密
  • 无法直接访问您的银行账户
  • 通过Stripe实现支付信息令牌化

访问控制

您对数据和账户保持完全控制。

  • 受信任设备管理
  • 登录活动日志
  • 从所有设备远程登出

安全测试

我们的应用程序定期接受审计和测试。

  • 定期安全审计
  • 独立专家的渗透测试
  • 负责任的披露计划

Server-first architecture (V2)

The computation of your counter, your snapshots and your recommendations runs server-side, never on your phone.

  • Business logic hosted in Firebase Cloud Functions (europe-west1)
  • 14 dedicated snapshot collections, isolated per user
  • Your phone only receives display-ready data, never the sensitive computation

Confidential-by-design AI Coach

Our AI Coach advisors run server-side; your personal context never leaves our infrastructure in clear text toward an external LLM provider.

  • Financial context anonymised before any LLM call
  • Zero-retention configuration enabled at OpenAI and Anthropic
  • AI logic not reverse-engineerable from the mobile bundle

Real-time resilience & time zones

The counter respects your time zone and survives connectivity interruptions.

  • TZ-aware midnight rollover (your local rhythm, never forced UTC)
  • Encrypted offline cache (80 MB) for continuity without connection
  • Server recompute triggered on every mutation (latency < 3 s)

Secrets management & rotation

Integration tokens (Shopify, Stripe, AI) are stored in Google Cloud Secret Manager — never bundled into the app.

  • No secret in the mobile bundle distributed on the stores
  • Documented rotation for API keys and sensitive credentials
  • Strict isolation between test and production environments

Auditing & native TTL

All sensitive actions are logged with a clear retention policy.

  • Firestore audit log with native 90-day TTL (automatic purge)
  • Per-user scoped cache wiped at sign-out
  • Multi-environment traceability for GDPR compliance

认证与合规

GDPR

符合通用数据保护条例

PCI DSS

支付数据安全标准(通过Stripe)

SOC 2

安全性和可用性控制(基础设施)

ISO 27001

信息安全管理体系