Last time we wrote about honest math — how Arthea builds a forecast, and the backtest where our own model landed at zero. That was one half of trust. This is the other half: what happens to your numbers after you load them in.
The short version surprises people. The most private data is the data you never had to hand over in the first place — so we designed the whole thing to need as little of you as possible. You can be a stranger to Arthea and still see your entire financial future.

The math doesn’t need your name
Here’s the thing most people don’t realize about a wealth forecast: it runs on money, not identity. Account balances, contributions, ages, the year you’d like to retire — those drive the simulation. Your legal name, your spouse’s name, your kids’ names, your exact date of birth? The engine doesn’t use them to compute anything. For the projection, only the bith year matters, because that sets a time horizon.
So we don’t ask you to be yourself. You’re actively encouraged to use a pseudonym — “Spouse 1,” “Child A,” initials, a nickname, whatever you like. The forecast comes out exactly the same. The one honest caveat is the old one: garbage in, garbage out. The financial numbers need to be real for the answer to mean anything. Who they belong to does not.
That single design decision does more for your privacy than any amount of encryption: if we never learn who you are, there’s nothing to leak.
What you do type in is locked — and the key is kept somewhere else
Of course, some details still get entered, and those are protected at every stage. Your data is encrypted while it travels to us and while it sits at rest, which is table stakes — everyone should do that, and we do.
But we go a step further with the personal fields specifically. Even inside our own database, those details are scrambled, and the key that unscrambles them is kept separately — behind a different door, under a different lock. That separation is the whole point. A stolen copy of the database, on its own, is unreadable noise. Reading it would require the data and the separate key at the same time, which are deliberately kept apart.
Not even our own team has standing access to your identity
This is the part we’re most proud of, because it’s the part most companies quietly skip. Nobody on our side has day-to-day, look-whenever-they-want access to your identifiable information. There’s no standing key sitting in someone’s hands. If for operational reasons access is needed, a new temporary time-bound key is created in real time. Once used, it’s permanantly disabled. It takes a deliberate, temporary, logged grant — and then it’s revoked. Every access leaves a record.
In plain terms: “trust us, we won’t look” is not a security model.
Following the principle of zero trust is!
We never see your password
You sign in through Google. That means Arthea never asks for, handles, or stores your credentials. One less secret in the world with your name on it.
It stays in Canada, and it stays yours
Your data is hosted in Canada. And it remains yours in the way that matters most: you can delete your household and everything in it, whenever you want. Not “email us and we’ll consider it” — a delete you control. We keep short-term backups so a mistake is recoverable, not a permanent archive of people who left.
If you want the fine print rather than the plain-English version, it lives in our Privacy Policy.
The honest part — because this is us
We’d be breaking our own rule if we told you any of this makes Arthea unbreakable. No system is. We’re not going to pretend otherwise, the same way we didn’t pretend our forecast bands always hold.
So, plainly: we are not yet certified to a formal external standard like SOC 2. But what we’ve built is designed to meet that bar as we grow, and we keep our security, privacy, and compliance decisions in living registers rather than a marketing page — but a certificate is a certificate, and we don’t have that one yet. And no encryption on earth (or a certificate) defends against every conceivable attack.
What we can promise is the thing at the top of this piece: we made your identity unnecessary, we locked what little you do share and kept the key apart from it, we can’t casually look, and we’ll tell you the truth about where our protections stop. For a tool that models your money, honesty about the limits is part of the security.
The most secure fact about you is the one we never asked for. That’s the design.
See what your range of outcomes looks like — as a stranger, if you like — at arthea.ca.
Arthea is an educational and analytical tool for Canadian households. It does not provide personalized financial, tax, or investment advice, and this article is not legal advice. For the governing terms, see our Privacy Policy and Terms.


