How We Handle Plaintext Financial Data
From external API ingestion to storage, this explains how Kura uses Zero-Access architecture so databases do not store plaintext and teams cannot read personal financial records.
Sometimes we receive plaintext data from external APIs. That is normal in finance integrations.
What matters is what happens next.
At Kura, we follow 3 simple rules:
- Plaintext is used only for short, required processing.
- Plaintext is not stored in the final database.
- Our team cannot directly read users' personal financial data.
1 External API Ingestion
We ingest data from authorized providers, such as balances, transactions, and asset records. At this step, we collect only what is needed:
- Only required fields
- Strict token and permission controls
- No raw plaintext files saved as final storage
2 Payload / Metadata Separation
We split data into two parts:
- Payload: sensitive details (transactions, values, identifiers)
- Metadata: system info (version, source, timestamp, index keys)
This keeps system operations separate from sensitive financial content. Metadata helps with sync and state, but does not store readable personal finance data.
3 ZA Encryption (Zero-Access Encryption)
Before long-term storage, payloads are encrypted using our Zero-Access model. In this model, the platform does not have direct ability to decrypt personal financial content.
In practice:
- Storage receives ciphertext, not readable records
- Duties are split across components to avoid single-point access
- Key handling is separated from normal data access
4 Storage
The database stores:
- Encrypted payload (ciphertext)
- Minimal metadata needed for operations
So in the database:
- There is no directly readable personal finance plaintext
- Looking at rows does not reveal full financial details
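Steps 2 to 4 above (split, encrypt, store) shown in Node.js. This is an added example, not Kura's code: the page does not name a cipher or a key-custody model, so AES-256-GCM, a key held outside the platform, the field names and the sample record are all assumptions.

```javascript
// Added example: payload/metadata split plus AEAD encryption before storage.
// Assumptions (not from Kura): AES-256-GCM, a key held outside the platform,
// and the field names below. The sample record is constructed.
const crypto = require("node:crypto");

const METADATA_FIELDS = ["version", "source", "timestamp", "indexKey"];

// Step 2: split a provider record into operational metadata and sensitive payload.
function splitRecord(record) {
  const metadata = {}, payload = {};
  for (const [k, v] of Object.entries(record)) {
    (METADATA_FIELDS.includes(k) ? metadata : payload)[k] = v;
  }
  return { metadata, payload };
}

// Canonical bytes for metadata so it can be bound to the ciphertext as AAD.
function aadOf(metadata) {
  return Buffer.from(JSON.stringify(METADATA_FIELDS.map((f) => [f, metadata[f] ?? null])));
}

// Steps 3-4: encrypt the payload and return the row the database would hold.
function toStoredRow(record, key) {
  const { metadata, payload } = splitRecord(record);
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per record
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aadOf(metadata));
  const ct = Buffer.concat([cipher.update(JSON.stringify(payload), "utf8"), cipher.final()]);
  return { metadata, iv: iv.toString("base64"), tag: cipher.getAuthTag().toString("base64"),
           ciphertext: ct.toString("base64") };
}

// Only a key holder can do this; a changed metadata field or ciphertext makes final() throw.
function openRow(row, key) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(row.iv, "base64"));
  d.setAAD(aadOf(row.metadata));
  d.setAuthTag(Buffer.from(row.tag, "base64"));
  const pt = Buffer.concat([d.update(Buffer.from(row.ciphertext, "base64")), d.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// Constructed sample input.
const sampleKey = crypto.randomBytes(32);
const sampleRecord = { version: 1, source: "provider-a", timestamp: "2024-01-01T00:00:00Z",
  indexKey: "acct-0001", accountNumber: "000123456789", balance: 1520.75,
  transactions: [{ date: "2023-12-30", amount: -42.5, memo: "groceries" }] };
const sampleRow = toStoredRow(sampleRecord, sampleKey);
```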
5 Why Our Team Cannot Read Users' Personal Financial Data
This is enforced by architecture, not by promises:
- Storage is ciphertext-first
- Access rules block direct reading of sensitive payloads
- Support uses minimal structured context, not full raw finance content
In short, our team can run the system, but cannot freely read user financial data.
6 Common Questions
Q: If plaintext is briefly processed, can the platform inspect everything?
No. Plaintext exists only in short processing steps. After split and encryption, final storage is non-readable ciphertext.
Q: Does the database contain readable transaction details?
No. It stores encrypted payload and minimal metadata, not readable personal finance plaintext.
Real privacy is not "please trust us." Real privacy is system design that limits what anyone can see. That is the core of Kura's Zero-Access approach.