A plain-language look at how we keep your provider credentials on your own device — and why that matters.
← Back to the blogBy the BillMaple Team · June 18, 2026 · 3 min read
When an app asks to connect to your Hydro or telecom account, a fair question is: "Where do my passwords actually go?" At BillMaple, the answer is simple — not onto our servers. Here's how that works, in plain language.
When you link a provider, your login session is stored using your phone's built-in secure storage — Apple Keychain on iOS and the Android Keystore on Android. These are hardware-backed vaults the operating system protects. We never keep a plain-text copy of your provider passwords on our servers.
BillMaple acts only as a technical reader. We fetch your balance and due date so your dashboard stays current — and that's it. We can't move money, make payments, or change settings on your provider accounts. Even in a worst-case scenario, there's very little that could be done with read-only access.
All communication between the app and our systems uses industry-standard TLS encryption, and the data we do store is encrypted at rest. Your own BillMaple account password is saved only as a salted, one-way hash — never in readable form.
Want the full technical detail? Read our Security page or our Privacy Policy.
