Varda Trust & Security

Your business data deserves a watchdog.

Sherlock is built to help you monitor transactions without giving us the keys to your money. Connected account access is read-only by design.

Scan My Business →Read Privacy Policy
🛡️
Read-only access
A technical limit, not just a promise.
Cannot move money

Sherlock can review financial data you connect or upload. It cannot initiate transfers, send payments, edit bank accounts, or contact your bank on your behalf.

No bank username or password is stored by Sherlock.
Plaid handles secure bank authentication.
You can disconnect accounts from within the app.
🔒

Encrypted data

Data is protected in transit with TLS and encrypted at rest by our infrastructure providers.

👤

Account isolation

Row-level access controls help ensure each user can access only their own Sherlock data.

🚫

No ad tracking

Sherlock does not sell personal information or use transaction data for targeted advertising.

What Sherlock can see

Only the data needed to monitor your business.

Transaction dates, descriptions, vendors, categories, and amounts.
Account names, account types, and balances when you connect supported accounts.
CSV, Excel, and QuickBooks files you choose to upload.
Support messages and feedback you choose to send us.
What Sherlock does not collect

We don't want data we don't need.

Bank login credentials.
Social Security numbers.
Full bank account numbers.
Precise GPS location or demographic/protected-class data.
AI transparency

Sherlock AI only runs with consent.

If you use Ask Sherlock, relevant transaction summaries may be sent to Claude by Anthropic to answer your question. If you do not consent, the AI feature remains unavailable and the rest of Sherlock still works.

We ask for consent before the AI feature is used for the first time.
We do not send bank login credentials, Plaid access tokens, or complete account numbers to the AI provider.
The AI is instructed not to guess. If the data is not available, Sherlock should say so.
Privacy-minded tooling

Built with trusted infrastructure.

Supabase for authentication and database infrastructure.
Plaid for secure financial account connections.
Vercel for application hosting.
PostHog and Sentry for product analytics and error monitoring with sensitive data controls.
Resend for service-related emails.
Security roadmap

Earn the trophy case over time.

We are early, so we will not claim certifications we do not have. As Sherlock grows, these are the next trust investments we expect to make.

Multi-factor authentication options.
Formal vendor and access reviews.
Independent security testing.
SOC 2 readiness when the business is at that stage.
Questions about Sherlock security?
We're happy to answer plainly — no jargon, no runaround.
Contact us →