How BridgeToFI protects advisor and client data. Built for the trust requirements of financial professionals.
Last updated: February 16, 2026
BridgeToFI's backend runs on Supabase, a managed platform built on top of Amazon Web Services (AWS). Supabase's infrastructure holds a SOC 2 Type II attestation, meaning its hosting environment, access controls, and operational processes are independently audited. All database servers run in AWS data centers located in the United States.
All data transmitted between your browser and BridgeToFI is encrypted in transit using TLS 1.2 or higher (HTTPS only). Data stored in the database is encrypted at rest using AES-256 volume-level encryption provided by the underlying AWS infrastructure; this protects the storage media and backups if they are lost or copied, while access through the API is governed by the authorization controls described below. Supabase authentication tokens are JWTs signed with HMAC-SHA256 (HS256); the secret that signs and verifies these tokens stays inside Supabase and is never sent to the browser.
The BridgeToFI application is served over HTTPS with HSTS headers. API endpoints accept only authenticated requests. The database is not directly accessible from the public internet; all queries pass through Supabase's API layer with authentication and authorization checks enforced on every request.
Transactional emails (account verification, password resets) are sent from noreply@bridgetofi.com via Resend, a dedicated email delivery service. Emails are authenticated using SPF, DKIM, and DMARC records on the bridgetofi.com domain, which helps prevent spoofing and reduces the chance that legitimate mail is rejected or classed as spam. Resend receives only the recipient's email address and the email content; no financial data is included in any transactional email.
All BridgeToFI administrative accounts with partner services (Supabase, Resend, Stripe, Netlify, Formspree) have multi-factor authentication enabled. This protects against unauthorized access to infrastructure even if a password is compromised. Access to production systems is limited to the minimum number of accounts necessary to operate the service.
Every database table in BridgeToFI enforces Row-Level Security (RLS) policies. This means that even if a crafted query reaches the database (for example through a bug in the application or a tampered API call), the database itself returns only the rows the authenticated user is permitted to see and refuses to modify any others. Your scenarios, client data, firm settings, and activity logs are accessible only when authenticated as you. Because this is enforced at the database layer rather than only in application code, it provides defense in depth.
Each advisor account operates in its own isolated namespace. Advisor A cannot query, modify, or even detect the existence of Advisor B's data. For multi-user firms using the Team feature, data visibility is controlled by the firm owner: either shared across the team or siloed so each advisor sees only their own clients. These permissions are enforced via database policies, not just UI restrictions.
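The two paragraphs above describe per-advisor isolation and owner-controlled team sharing, both enforced by database policies. The following is an added example of what such policies look like in Supabase's Postgres; it is not BridgeToFI's actual schema, and every table, column, function, and policy name in it is assumed for illustration. auth.uid() is Supabase's built-in helper that returns the caller's user id from the verified JWT.

```sql
-- Added example, not BridgeToFI's schema. Table and column names are assumed.

create table firms (
  id uuid primary key default gen_random_uuid(),
  owner_id uuid not null references auth.users (id),
  -- 'shared': every member sees the firm's clients; 'siloed': only their own.
  sharing_mode text not null default 'siloed'
    check (sharing_mode in ('shared', 'siloed'))
);

create table firm_members (
  firm_id uuid not null references firms (id) on delete cascade,
  advisor_id uuid not null references auth.users (id) on delete cascade,
  primary key (firm_id, advisor_id)
);

create table scenarios (
  id uuid primary key default gen_random_uuid(),
  advisor_id uuid not null references auth.users (id) on delete cascade,
  firm_id uuid references firms (id) on delete set null,
  client_nickname text not null,
  data jsonb not null,
  created_at timestamptz not null default now()
);

-- Until RLS is enabled, policies are never consulted. Once enabled with no
-- policies, nothing is visible to anyone, so each access path must be named.
alter table firms enable row level security;
alter table firm_members enable row level security;
alter table scenarios enable row level security;

-- Does the caller belong to this firm, and has its owner turned sharing on?
-- security definer lets the helper read firms/firm_members without recursing
-- into their own policies (which are omitted here for brevity).
create function firm_shares_with_caller(p_firm_id uuid)
returns boolean language sql stable security definer set search_path = public as $$
  select exists (
    select 1
    from firms f
    join firm_members me on me.firm_id = f.id
    where f.id = p_firm_id
      and f.sharing_mode = 'shared'
      and me.advisor_id = (select auth.uid())
  );
$$;

-- Owner reads, inserts, updates and deletes only their own rows. Policies are
-- OR-ed, so a separate read-only policy below widens visibility without
-- widening writes.
create policy "advisor owns scenario" on scenarios
  for all to authenticated
  using ((select auth.uid()) = advisor_id)
  with check ((select auth.uid()) = advisor_id);

-- Team read access exists only while the firm owner has chosen 'shared'.
create policy "firm members read shared scenarios" on scenarios
  for select to authenticated
  using (firm_id is not null and firm_shares_with_caller(firm_id));

-- Check it: impersonate one advisor inside a transaction (the sub claim below
-- is a made-up id) and count what is visible. Rows of other advisors are not
-- just hidden from the result; count(*) never sees them, so their existence
-- cannot be inferred either.
begin;
set local role authenticated;
set local request.jwt.claims to
  '{"sub": "11111111-1111-1111-1111-111111111111", "role": "authenticated"}';
select count(*) from scenarios;   -- own rows plus rows of 'shared' firms only
rollback;
```

Two points a reviewer would check alongside this: the Supabase service_role key bypasses RLS entirely and must only ever live on a server, never in browser code; and wrapping auth.uid() as (select auth.uid()) lets Postgres evaluate it once per statement rather than once per row, which matters on large tables.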
BridgeToFI stores scenario data (ages, account balances, income sources, expense projections) associated with client nicknames. We actively discourage entering personally identifiable information such as Social Security numbers, full legal names, or account numbers. The client name field in the portal is labeled as a "nickname or identifier" with an explicit warning. Advisors control what data they enter.
BridgeToFI supports two authentication paths. Email/password accounts require a strong password (8+ characters with mixed case, numbers, and special characters) and support optional two-factor authentication via TOTP authenticator apps. Microsoft SSO delegates identity verification entirely to the user's organization, inheriting whatever MFA policies the organization enforces.
Email/password users can enable TOTP-based two-factor authentication using any standard authenticator app (Google Authenticator, Authy, Microsoft Authenticator, 1Password, etc.). Firm owners can enforce MFA as a requirement for all team members. Microsoft SSO users are governed by their organization's MFA policy.
Advisor sessions automatically expire after a configurable period of inactivity (default: 30 minutes, as recommended by FINRA/SEC guidance for financial advisory tools). A warning appears 5 minutes before expiration. User activity (mouse, keyboard, touch) resets the timer. Sessions are also validated server-side at regular intervals, so revoked credentials take effect promptly.
If an advisor signs out in one browser tab, all other tabs detect the sign-out event, discard the loaded client scenario, and revert to the signed-out calculator's local state. This prevents client scenario data from persisting in the browser after logout.
The advisor portal records a timestamped audit log of significant actions: logins, logouts, scenario creation, scenario saves, scenario deletions, settings changes, data exports, shared link generation, and client reviews. Each log entry includes the user identity, timestamp, and action details. Advisors can filter, search, and export these logs as CSV for compliance record-keeping.
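The audit log described above records the acting user and a timestamp on each entry. For a compliance log, both should be stamped by the database rather than trusted from the client, and ordinary users should be able to append and read but not rewrite history. The following is an added example of one way to do that in Supabase's Postgres; it is not BridgeToFI's schema, and the table, action labels, function and policy names are assumed for illustration.

```sql
-- Added example, not BridgeToFI's schema. Names are assumed.

create table activity_log (
  id bigint generated always as identity primary key,
  actor_id uuid not null references auth.users (id) on delete cascade,
  occurred_at timestamptz not null default now(),
  -- one label per action type the page lists
  action text not null check (action in (
    'login', 'logout', 'scenario.create', 'scenario.save', 'scenario.delete',
    'settings.change', 'data.export', 'share_link.create', 'client.review')),
  details jsonb not null default '{}'::jsonb
);

alter table activity_log enable row level security;

-- Identity and time are stamped server-side from the verified JWT and the
-- database clock; whatever the client put in those columns is overwritten.
create function stamp_activity() returns trigger
language plpgsql set search_path = public as $$
begin
  new.actor_id := (select auth.uid());
  new.occurred_at := now();
  return new;
end;
$$;

create trigger activity_log_stamp before insert on activity_log
  for each row execute function stamp_activity();

-- Advisors may append entries and read their own. No update or delete policy
-- exists, so under RLS those statements match zero rows; removal at account
-- deletion happens through the foreign-key cascade, outside the client's reach.
create policy "append activity" on activity_log
  for insert to authenticated
  with check ((select auth.uid()) is not null);

create policy "read own activity" on activity_log
  for select to authenticated
  using ((select auth.uid()) = actor_id);

-- Belt and braces: Supabase grants full table privileges to the authenticated
-- role by default, so withdraw the ones no policy is meant to allow.
revoke update, delete on activity_log from authenticated;

-- Check it: an impersonated user (made-up id) can insert but cannot delete.
begin;
set local role authenticated;
set local request.jwt.claims to
  '{"sub": "22222222-2222-2222-2222-222222222222", "role": "authenticated"}';
insert into activity_log (action, details) values ('login', '{"method": "totp"}');
delete from activity_log;   -- fails on the revoked privilege
rollback;
```

The CSV export the page mentions would then be built from a plain select over this table, which RLS already scopes to the exporting advisor.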
Every saved scenario includes a timestamp ("as of" date) and the application version number. When sharing client-facing reports, the date and version are embedded in the output. This supports regulatory requirements around documenting when specific projections were generated and under what assumptions.
Advisors can export all their data (clients, scenarios, settings, activity logs) as a JSON file at any time from the Account page. Individual scenarios can also be exported as JSON or generated as PDF reports. This ensures you always have access to your data, regardless of your subscription status.
BridgeToFI is a financial planning calculator. It generates hypothetical projections based on user-entered assumptions about savings, investment returns, inflation, expenses, and income timing. It is a modeling tool that helps visualize potential outcomes across different scenarios.
BridgeToFI is not a registered investment advisor, broker-dealer, or financial planning service. It does not provide personalized investment advice, manage assets, or make recommendations about specific securities or investment strategies. Results are hypothetical illustrations, not guarantees. Advisors using BridgeToFI are responsible for their own compliance obligations and client communications.
All PDF reports generated by BridgeToFI include a disclaimer stating that results are hypothetical, based on user-entered assumptions, and not guarantees of future performance. Advisors on the Pro plan can customize this disclaimer text to match their firm's compliance requirements. Reports also include the generation date, app version, and assumption details for full transparency.
BridgeToFI does not sell, share, rent, or monetize your data in any form. Your scenario data, client information, and firm settings exist solely to provide the service you signed up for. We do not use your data for training, analytics, or any purpose beyond operating the product.
You can permanently delete your account and all associated data at any time from the Account page in the advisor portal. Deletion removes all clients, scenarios, firm settings, and activity logs. We recommend exporting your data first. Deletion is immediate and irreversible.
The free BridgeToFI calculator (used without an advisor account) stores all data locally in the user's browser. No data is transmitted to any server. There is no account, no tracking, and no data collection. The calculator works entirely offline once loaded.
Your data is always exportable. The JSON export format is human-readable and contains all scenario data in standard key-value pairs that can be opened in any text editor or imported into other tools. We commit to providing at least 90 days notice before any service discontinuation, giving you time to export all data. The core calculator has no server dependencies; it runs entirely in the browser.
Supabase performs automated daily backups of all databases. Point-in-time recovery is available. This protects against data loss from infrastructure failures, though it does not substitute for your own exports as a best practice.
If you have security-related questions not addressed here, or need to report a vulnerability, use the feedback button on the calculator or reach out through the contact options on our press page. For product questions, visit our main site.