Your data is yours. Full stop.
No bank logins. No account linking. No data leaves your device unless you explicitly export it.
The risks we built around.
Most personal finance apps require you to share bank credentials with a third-party data aggregator. That single decision opens the risks below — risks DueZen avoids by design, not by policy.
In a 2024 breach at a major fintech middleware bank. Customer data from dozens of finance apps was leaked through a single shared vendor.
By a major fintech data aggregator in 2021 over alleged credential-harvesting practices that went beyond what apps actually needed to function.
In a 2024 fintech middleware bankruptcy that exposed how little oversight exists in the layer between apps and banks.
The “anonymized” data myth
Just 3–4 transactions can re-identify a person with about 90% accuracy. Once a fintech sells your “anonymized” transaction stream to hedge funds or advertisers, control of that data is gone.
Every linked app is another tunnel
APIs are digital tunnels between your bank and an app. The more apps you link, the more tunnels you dig into your financial vault — each one a potential entry point. DueZen never digs a tunnel because it never connects to your bank.
Unlinking is an illusion
Even after you stop using a linked finance app, your data often stays in their backups for years. If they get breached in 2027, your 2024 transactions are still in the bag. DueZen never takes your data in the first place — there's nothing to leave behind, nothing to outlive your account.
The CFPB had to ban this
In October 2024, federal Rule 1033 explicitly prohibited fintechs from using bank data for “targeted advertising” or selling it for secondary purposes. The rule's existence is the evidence.
Two architectures. Two attack surfaces.
The difference between a linked-account app and a local-only app isn't a feature toggle — it's a completely different shape of risk.
| Risk vector | Linked-account apps | DueZen |
|---|---|---|
| Attack surface | App + aggregator + bank + middleware | Your device only |
| Credential storage | Cached for syncing | Never requested |
| Supply-chain risk | Inherits every partner's vulnerabilities | No third-party partners |
| Data honeypot | Millions of users in one cloud database | Decentralized — one device per user |
| Shadow data persistence | Stays in backups for years after you leave | Nothing to leave behind |
| Phishing target | High — known to be linked to a bank | No bank link = no hook |
Unlinking an account is often an illusion. Your data stays in their archives indefinitely, waiting for a future breach.
When you link your bank, you aren't just trusting one app — you're trusting every company that app has a contract with.
DueZen never linked to a bank. Not in version 1, not ever. There's no aggregator to breach, no chain to fail, no anonymized stream to sell.
What we chose not to build.
Most finance apps start by asking for your bank login. We started by asking: what if we never needed it?
Privacy questions, answered.
If you've enabled your phone's standard backup — iCloud Backup on iOS, or Google One on Android — your DueZen data is included in that device-level backup, encrypted and managed by Apple or Google. That's a relationship between you and your device manufacturer, not between you and DueZen. We never upload your data to a server, never sync to a cloud database, and never have a copy of your data outside your device. The backup is yours to control: keep it on if you want your bills to survive a phone replacement, turn it off if you'd prefer your DueZen data to live only on this one phone.