Buddi Live Encryption Details
When using Buddi Live, user data is protected by a number of factors:
- The user id (email address) is stored as a cryptographically hashed value. This means that it is not feasible for anyone to discover the email associated with a given account by looking at the database. (Note that the option 'Store Email' stores a copy of the email address in an unencrypted table. This is so that system emails can be sent as needed. It is recommended that users who are concerned about privacy do not enable the 'Store Email' option.)
- Users can optionally enable encryption to prevent loss of data. When encryption is enabled, certain fields in the database are encrypted using a symmetric-key cryptographic algorithm (256-bit AES). Fields which are encrypted include Account name, type, current balance, and starting balance; Budget Category name and budgeted amounts; Transaction description (payee), number (i.e. cheque number), memo, and amount.
- The encryption key itself is randomly generated at the time that encryption is enabled for an account. This random key is then encrypted with the user's password, and stored in the database. When a user logs in and the web browser submits an authenticated request, the user's password is used to decrypt the main encryption key, which is in turn used to decrypt the requested data. (Note that since a user's encryption key is encrypted with their own password, there is no way to reset a lost password for an encrypted account. There are no back doors to the system. If a user's password is forgotten, that user's data is not recoverable. When enabling encryption, it is recommended to regularly back up the data using the System / Backup menu.)
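The key handling described in the last point, as an added sketch that is not Buddi Live's own code: a random data key encrypts the fields, and only a copy of that key wrapped under a password-derived key is stored. The page does not say how the password is turned into a key or which AES mode is used, so PBKDF2-HMAC-SHA256, AES-256-GCM, the iteration count and every function name here are assumptions.

```ruby
require 'openssl'

# Assumed, not from the page: PBKDF2-HMAC-SHA256 as the password KDF and GCM as
# the AES mode (the page says only "256-bit AES"). All names are hypothetical.
ITERATIONS = 200_000

def kek(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                           length: 32, hash: 'sha256')
end

# AES-256-GCM encrypt; returns nonce (12 bytes) + tag (16 bytes) + ciphertext.
def seal(key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  nonce = c.random_iv
  c.auth_data = ''
  ct = c.update(plaintext) + c.final
  nonce + c.auth_tag + ct
end

# Returns the plaintext, or nil if the key is wrong or the blob was modified.
def unseal(key, blob)
  return nil if blob.bytesize <= 28
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = key
  d.iv = blob.byteslice(0, 12)
  d.auth_tag = blob.byteslice(12, 16)
  d.auth_data = ''
  d.update(blob.byteslice(28, blob.bytesize)) + d.final
rescue OpenSSL::Cipher::CipherError
  nil
end

# Enabling encryption: the database keeps only the salt and the wrapped key.
def enable_encryption(password)
  salt = OpenSSL::Random.random_bytes(16)
  data_key = OpenSSL::Random.random_bytes(32)
  [{ salt: salt, wrapped_key: seal(kek(password, salt), data_key) }, data_key]
end

# Login: unwrap the data key with the submitted password; nil if it is wrong.
def unlock(record, password)
  unseal(kek(password, record[:salt]), record[:wrapped_key])
end

record, data_key = enable_encryption('constructed-password')
memo = seal(data_key, 'Payee: Example Grocer') # constructed sample field
puts unseal(unlock(record, 'constructed-password'), memo)
puts unlock(record, 'wrong-guess').inspect
```

Because the stored record holds nothing but the salt and the wrapped key, a wrong or forgotten password yields `nil` and the field ciphertext stays unreadable, which is the no-reset property the note above describes.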