The Short Version
- ✅ We never see your bank password
- ✅ We can’t make transfers or payments (read-only access)
- ✅ Your data is encrypted (AES-256)
- ✅ We use industry-standard open banking protocols
- ✅ You can delete everything anytime
How Bank Connections Work
1. You Log In Directly to Your Bank
When you connect a bank, you’re redirected to your bank’s official website. You enter your credentials there—not on Lunch Flow. We never see or store your password.
2. You Authorize Read-Only Access
Your bank asks: “Do you want to give Lunch Flow read-only access to your transactions?” You click “Yes” and specify which accounts. We can only read. We cannot:
- Make transfers
- Make payments
- Change account settings
- Access your full account number (only last 4 digits)
3. Your Bank Sends Us Your Transaction Data
Using secure open banking APIs, your bank sends us:
- Transaction dates and amounts
- Merchant names
- Account balances
- Transaction categories (if available)
Your bank does not send us:
- Your login credentials
- Your PIN
- Security questions/answers
- Full account numbers
Open Banking Compliance
PSD2 (Europe)
For European banks, we use providers that are PSD2 compliant, which means:
- Regulated by financial authorities
- Regular security audits
- Strict data protection standards
- Consumer protection built-in
Other Regions
We use established, regulated open banking providers in each region:
- North America: MX/Finicity (regulated financial services provider)
- Pacific Asia: Finverse (licensed aggregator)
- New Zealand: Akahu (certified open banking provider)
Your Control
You Can Always:
- ✅ See exactly what data we have
- ✅ Disconnect any bank anytime
- ✅ Delete specific connections
- ✅ Export all your data
- ✅ Delete your entire account (and all data)