
Security

How we protect your data.

Last updated: 6 June 2026

Architecture

Bullio is local-first. Your portfolio is stored in a SQLite database on your device. Bullio's backend never receives your holdings, transactions, portfolio values, or purchase prices.

The backend has two responsibilities: caching spot price data from Metals.Dev, and validating premium subscriptions. Neither function requires any knowledge of your portfolio.

Data in transit

All communication between the app and api.getbullio.app is over HTTPS (TLS 1.2+). Cloudflare sits in front of the backend for DDoS protection, CDN caching, and TLS termination.

Backups

Backup files are plain SQLite databases written directly to iCloud Drive (iOS) or Google Drive (Android). Bullio's servers are not involved in this process.

Note: Backup files are not currently encrypted. They are readable by any SQLite viewer. Treat them as sensitive files and store them accordingly.

Biometric lock

Bullio supports Face ID and Touch ID. When enabled, the app requires biometric authentication on open. Screenshot-safe mode can be enabled in Settings to prevent the system from capturing screen content when the app is in the background or during screen recording.

API keys

The Metals.Dev API key is stored on our server only. Your app never receives it. If you prefer to use your own Metals.Dev key, you can enter it in Settings — the app will use it directly, bypassing our backend entirely.

Crash reporting

Bullio uses Sentry for anonymised crash reporting. The integration is configured to strip personally identifiable information before any report is sent. Reports contain error type, file name, and line number only — no portfolio values, no identifiers.
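
One way to enforce the "error type, file name, and line number only" rule is an allowlist scrubber passed to Sentry as `beforeSend`. This is an added example, not Bullio's code: it assumes the Sentry JavaScript SDK event shape, and `scrubEvent`, `basename` and the sample event are hypothetical names and constructed data.

```javascript
// Allowlist scrubber for use as `Sentry.init({ beforeSend: scrubEvent })`.
// It rebuilds the event from the three permitted fields instead of deleting known-bad ones.
function basename(path) {
  return typeof path === "string" ? path.split(/[\\/]/).pop() : undefined;
}

function scrubEvent(event) {
  const values = (event.exception && event.exception.values) || [];
  if (values.length === 0) return null; // returning null from beforeSend drops the event
  return {
    exception: {
      values: values.map((ex) => ({
        type: ex.type, // error class only; ex.value (the message) can embed user data
        stacktrace: {
          frames: ((ex.stacktrace && ex.stacktrace.frames) || []).map((f) => ({
            filename: basename(f.filename), // drop directories, which can hold account names
            lineno: f.lineno,
          })),
        },
      })),
    },
  };
}

// Constructed sample event carrying the kinds of fields that must not leave the device.
const sampleEvent = {
  user: { id: "device-1234", ip_address: "203.0.113.7" },
  breadcrumbs: [{ message: "opened holding: 10 oz gold" }],
  extra: { portfolioValue: 25431.12 },
  exception: {
    values: [{
      type: "TypeError",
      value: "cannot format 25431.12 for holding 'Gold bar'",
      stacktrace: {
        frames: [{ filename: "/Users/alice/app/src/Portfolio.tsx", lineno: 88, vars: { total: 25431.12 } }],
      },
    }],
  },
};

const scrubbed = scrubEvent(sampleEvent);
console.log(JSON.stringify(scrubbed));
```

Because the output is built from an allowlist, any field a later SDK version adds to the event is dropped by default rather than sent.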

Third-party services

The following third-party services are used by Bullio:

| Service | Purpose | Data received | Notes |
| --- | --- | --- | --- |
| Metals.Dev | Spot price data for all four metals | Currency code, metal identifier — no portfolio data | |
| ExchangeRate-API | FX conversion rates | Currency pair request — no portfolio data | |
| RevenueCat | Premium subscription management | Anonymous device identifier + App Store/Play receipt | Not yet active in v1.0 — wired at subscription launch |
| Sentry | Anonymised crash reporting | Error type, file name, line number — identifiers stripped | Verify beforeSend hook is active in native build before publishing |
| Cloudflare | CDN, DNS, DDoS protection | Standard server logs including IP addresses in transit | |
| Apple App Store / Google Play | App distribution and payment processing | Governed by Apple and Google policies | |

Responsible disclosure

If you discover a security vulnerability in Bullio, please email support@getbullio.app with a description of the issue. We aim to respond within 5 business days.

Please do not publicly disclose vulnerabilities before we have had a reasonable opportunity to address them.
