Security
Report a security concern.
If you believe you found a vulnerability, please send enough detail for the issue to be reproduced and fixed quickly. Reports are reviewed with priority because user trust matters here.
Last updated: July 3, 2026
How to report
Email hello@siegelfinancial.org with the subject Security Report. If you can, include:
- The affected URL, page, or feature.
- Clear steps to reproduce what you found.
- The browser, device, and operating system you used.
- Screenshots or screen recordings if they help explain the issue.
- Your contact information if you want a response.
Please do not include passwords, API keys, Social Security numbers, full account numbers, or another person's private data in a report.
Safe testing rules
Good-faith reports are welcome. To keep users protected, please stay within these limits:
- Use only your own account and your own test data.
- Do not attempt to view, change, export, or delete another user's data.
- Do not run high-volume automated scans, denial-of-service tests, spam, phishing, or social engineering.
- Do not attempt destructive testing or actions that could interrupt the service.
There is not a paid bug bounty program at this time, so no reward is promised for reports.
Current protections
- Encrypted traffic: The site is served over HTTPS, with browser security headers configured through Firebase Hosting.
- Private user records: Firestore rules are designed so signed-in users can access only their own plan document.
- Managed login: Firebase Authentication handles account login, password reset, and session management.
- Abuse protection: Firebase App Check with reCAPTCHA helps limit automated abuse of backend services from unsupported origins.
- Credential boundaries: The app is designed for balances and planning inputs, not bank credentials, tax IDs, or full account numbers.
For users
Use a strong, unique password. Sign out on shared devices. Do not enter bank passwords, brokerage passwords, Social Security numbers, tax IDs, full account numbers, or payment card numbers.