Legal · Security
How we protect your data
Last updated May 2026
The short version
EKKO never holds your money. We never see your bank login credentials. We read your balance through Akahu — a read-only, NZ government-accredited connection — and nothing more.
Your data lives in an encrypted, row-level-secured database. Only you can access your own records. We cannot access, move, or share your financial data without your explicit instruction.
Bank connection via Akahu
EKKO connects to your bank through Akahu — a New Zealand company accredited under the Consumer Data Right (CDR) framework. Akahu acts as a secure bridge. You authenticate directly with your own bank. EKKO never receives, stores, or sees your bank login credentials at any point.
- ✗ EKKO never stores your bank username or password
- ✗ EKKO cannot initiate transfers to any account that is not yours
- ✗ EKKO cannot access accounts you have not explicitly linked
- ✓ Akahu tokens are encrypted at rest using AES-256-GCM
- ✓ Tokens are never logged and never included in any client-side code
- ✓ EKKO only reads balances — we never write to your bank
You can revoke access at any time from your EKKO profile, or directly at my.akahu.nz. Disconnecting immediately stops all future balance reads.
Database security
All EKKO data is stored in a PostgreSQL database managed by Supabase. Every table has Row-Level Security (RLS) enforced at the database layer — not just the application layer. This means the database itself enforces that you can only read and write your own records, regardless of how the application is queried.
- ✓ RLS is enabled on every table — no exceptions
- ✓ User data queries require a valid authenticated session
- ✗ The service role key is never exposed to the browser bundle
- ✗ Raw database errors are never returned to the client
Authentication
Authentication is handled by Supabase Auth. All API routes validate your JWT server-side before processing any request — client-submitted identity claims are never trusted.
- ✓ JWT validated server-side on every request
- ✓ Gold tier requires TOTP-based MFA (AAL2) for every session
- ✓ Tier and game state always read from the database, never from client input
- ✗ Client-submitted tier values are never trusted or acted on
Audit log
Every Judgment Day result — your balance at the time, your High Water Mark, and the outcome — is written to an append-only audit log. A PostgreSQL trigger blocks any UPDATE or DELETE on this table. The log is immutable by design.
- ✓ Audit records are retained for 7 years from the date of each event
- ✓ Any disputed game outcome can be independently verified from the log
- ✗ No Judgment Day result can ever be altered after the fact
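The Database security and Audit log sections describe two database-layer controls: per-user Row-Level Security and a trigger-enforced append-only table. The sketch below is an added illustration, not EKKO's actual schema: the table, column, policy and function names are hypothetical, and it assumes a Supabase project on PostgreSQL 11 or later, where `auth.uid()` and the `anon` and `authenticated` roles are provided.

```sql
-- Hypothetical audit table; names and columns are assumptions for illustration.
CREATE TABLE judgment_day_audit (
    id                    bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    user_id               uuid        NOT NULL,
    balance_cents         bigint      NOT NULL,
    high_water_mark_cents bigint      NOT NULL,
    outcome               text        NOT NULL,
    recorded_at           timestamptz NOT NULL DEFAULT now()
);

-- Row-Level Security: the database, not the application, filters rows per user.
ALTER TABLE judgment_day_audit ENABLE ROW LEVEL SECURITY;
ALTER TABLE judgment_day_audit FORCE ROW LEVEL SECURITY;  -- also binds the table owner

-- Authenticated users may read only rows whose user_id matches their session.
CREATE POLICY audit_select_own ON judgment_day_audit
    FOR SELECT TO authenticated
    USING (user_id = auth.uid());  -- auth.uid() is supplied by Supabase Auth

-- No INSERT/UPDATE/DELETE policy is defined for client roles:
-- with RLS enabled, a command with no matching policy is denied.

-- Append-only enforcement: reject every mutation of existing rows.
CREATE FUNCTION reject_audit_mutation() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'judgment_day_audit is append-only (% blocked)', TG_OP
        USING ERRCODE = 'insufficient_privilege';
END;
$$;

CREATE TRIGGER audit_no_update_delete
    BEFORE UPDATE OR DELETE ON judgment_day_audit
    FOR EACH ROW EXECUTE FUNCTION reject_audit_mutation();

-- Row-level triggers do not fire on TRUNCATE, so block it separately.
CREATE TRIGGER audit_no_truncate
    BEFORE TRUNCATE ON judgment_day_audit
    FOR EACH STATEMENT EXECUTE FUNCTION reject_audit_mutation();

-- Defence in depth: client roles never hold the mutating privileges at all.
REVOKE UPDATE, DELETE, TRUNCATE ON judgment_day_audit
    FROM PUBLIC, anon, authenticated;
```

Triggers fire for whichever role runs the statement, so the UPDATE and DELETE block also covers roles that bypass RLS. A role that can alter the table could still drop or disable the trigger, so that privilege has to be tightly held.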
What EKKO cannot do — ever
- ✗ See your bank login credentials
- ✗ Move money to any account that is not yours
- ✗ Access financial data from accounts you have not connected
- ✗ Use AI or probabilistic systems in the game engine — all outcomes are deterministic and auditable
- ✗ Retain Akahu-sourced data after you disconnect (except the 7-year audit snapshots)
- ✗ Share your data with third parties for advertising