Security

Your data, protected

Metrifly holds sensitive financial data, so we treat it that way. Here is how we keep your portfolio private, encrypted, and entirely under your control.

01 — Access

We never ask for your broker login

You import your holdings by uploading a CSV or forwarding contract notes by email. Metrifly never requests or stores your broker or bank credentials, so there is no login for an attacker to take and no third-party connection to revoke.

02 — Encryption

Encrypted in transit and at rest

Every connection to Metrifly is encrypted over TLS (HTTPS), and your data is encrypted at rest in our database. Your portfolio data is protected both while it travels to us and while it is stored.

03 — Authentication

Authentication

Accounts are secured with AWS Cognito using the Secure Remote Password (SRP) protocol. Your password is never sent to our servers in the clear — it is used to prove your identity without transmitting the password itself.

04 — Infrastructure

Hardened, access-controlled infrastructure

Metrifly runs on hardened, access-controlled infrastructure. Your data lives in a managed PostgreSQL database with restricted network access. We use AWS only for authentication (Cognito), transactional email (SES), and scoped file storage (S3) — nothing more.

05 — Ownership

Your data is yours

You can export or delete your data at any time. Deleting your account permanently removes your data — there is no hidden archive kept behind the scenes.

06 — Company

An Australian company

Metrifly is operated by Techlyft Pty Ltd (ABN 32 635 864 970), an Australian company.

Have a security question? Contact us →