Bank-grade security across every product in the ecosystem. Your data, your control.
TOTP-based 2FA shared across all products. Set up once, protected everywhere. Rate-limited to prevent brute force.
Bank-style 15-minute inactivity timeout with 60-second warning. Automatic sign-out protects unattended sessions.
AES-256 encryption at rest, TLS 1.3 in transit. TOTP secrets encrypted. Payment data never touches our servers (Stripe handles it).
Granular permissions: owner, admin, member, viewer. Role hierarchy prevents privilege escalation. Invites restricted by role level.
Complete audit trail of authentication events, subscription changes, and admin actions. Ecosystem-wide compliance monitoring.
Google Cloud Run with non-root containers. Secrets in Google Secret Manager. Helmet security headers. Global rate limiting.
MyAndGo uses Firebase Auth for identity, optional TOTP-based 2FA, bank-style session timeouts, role-based access control, and rate limiting on all sensitive endpoints.
All data is stored in Google Cloud's Sydney region (australia-southeast1). See our Australian Data Residency page for details.
No. All payment processing is handled by Stripe. Card numbers, CVVs, and expiry dates never touch our servers.
Yes. MyAndGo undergoes regular security audits covering authentication, authorisation, input validation, secrets management, rate limiting, and infrastructure configuration.