How Deena Protects Your Household

Your household runs on trust — between the people in it and the tools you rely on. Deena is built to earn that trust. Here’s how we protect the information you share with us.

Your Household Is Your Own

Every household on Deena operates within its own security boundary. When you create a household, Deena generates a unique encryption key scoped exclusively to that household. Your tasks, financial data, notes, goals, and schedules are encrypted using that key and stored in our database as ciphertext — unreadable without it.

This means your household’s data is cryptographically isolated from every other household on Deena. Even if you belong to multiple households, each one maintains its own independent encryption boundary. There is no scenario in which one household’s data is accessible to another.

Encryption at Every Layer

Deena applies encryption at multiple levels to protect your information:

In transit: All communication between your device and Deena’s servers is encrypted using HTTPS/TLS. Your data cannot be intercepted or read while traveling over the network.

At rest: Sensitive household data — including transaction descriptions, note content, goal details, and more — is encrypted before being written to our database. Each household’s encryption key is itself protected by a master key managed through Google Cloud’s Key Management Service (KMS), a hardened infrastructure designed to safeguard cryptographic keys. The master key never leaves Google’s secure environment.

Infrastructure-level: Our database and storage layers enforce their own encryption at rest as an additional safeguard, independent of Deena’s application-level encryption.

How Deena Uses Your Data

Deena’s intelligence features — like Daily Focus, semantic search, and household insights — work by processing your data on our servers. This is what allows us to surface the right priorities, find information across your notes and finances, and help you coordinate as a household.

To power these features, Deena decrypts your data in a controlled server-side environment, processes it, and returns results to you. Your data is only ever decrypted when actively being used to serve a feature you’ve requested, and processing is always scoped to your household. We never combine, share, or analyze data across households.

We want to be straightforward about this: Deena is not an end-to-end encrypted (E2EE) platform. E2EE would prevent our servers from reading your data entirely, which would also prevent us from offering the intelligent features that make Deena useful. We made a deliberate architectural choice to encrypt your data at rest and in transit while retaining the ability to process it server-side — the same approach used by trusted platforms like Google Workspace, Notion, and other tools that provide intelligent features on top of your data.

What We Don’t Do

We never sell your data. Your household information is not shared with advertisers, data brokers, or any third party for marketing purposes.

We never train AI models on your data. Deena uses AI to generate insights for your household, but your data is not used to train or improve models for other users or any external system.

We never share data across households. Even if the same person belongs to multiple households, each household is a completely independent security boundary.

We never store data we don’t need. We follow the principle of data minimization — we collect and retain only what’s necessary to provide the features you use.

Financial Data and Third-Party Integrations

When you connect financial accounts through Deena, we use Plaid — a widely trusted financial data platform used by thousands of financial applications — to securely retrieve your transaction data. Deena never sees or stores your banking credentials. Plaid handles authentication directly with your financial institution.

Once transaction data reaches Deena, it’s encrypted and stored within your household’s security boundary, subject to the same protections as all other household data.

Our Infrastructure

Deena runs on Google Cloud Platform, leveraging Google’s security infrastructure including:

  • Key Management Service (KMS) for cryptographic key protection
  • Identity and Access Management (IAM) to enforce strict access controls on who and what can interact with your data
  • Audit logging to monitor access to sensitive systems and keys
  • Automatic encryption at the storage and network layers

Our Commitments

Security is not a feature we ship once — it’s a discipline we practice continuously. We commit to:

  • Maintaining household-scoped encryption for all sensitive data
  • Enforcing strict access controls and audit logging across our infrastructure
  • Regularly reviewing and updating our security practices
  • Being transparent with you about how your data is handled
  • Notifying you promptly if a security event ever affects your household

Questions?

If you have questions about how Deena protects your household, we’d love to hear from you. Reach out to us at security@deena.one.

We use cookies to analyze site traffic and improve your experience. Learn more