The Short Version
- We never see your bank password
- We can't make transfers or payments (read-only access)
- Your data is encrypted (AES-256)
- We use industry-standard open banking protocols
- You can delete everything anytime
How Bank Connections Work
1. You Log In Directly to Your Bank
When you connect a bank, you're redirected to your bank's official website. You enter your credentials there, not on Lunch Flow.
We never see or store your password.
2. You Authorize Read-Only Access
Your bank asks: "Do you want to give Lunch Flow read-only access to your transactions?"
You click "Yes" and specify which accounts.
We can only read. We cannot:
- Make transfers
- Make payments
- Change account settings
- Access your full account number (only last 4 digits)
3. Your Bank Sends Us Your Transaction Data
Using secure open banking APIs, your bank sends us:
- Transaction dates and amounts
- Merchant names
- Account balances
- Transaction categories (if available)
We don't get:
- Your login credentials
- Your PIN
- Security questions/answers
- Full account numbers
Open Banking Compliance
PSD2 (Europe)
For European banks, we use providers that are PSD2 compliant, which means:
- Regulated by financial authorities
- Regular security audits
- Strict data protection standards
- Consumer protection built-in
Other Regions
We use established, regulated open banking providers in each region:
- North America: MX/Finicity (regulated financial services provider)
- Pacific Asia: Finverse (licensed aggregator)
- New Zealand: Akahu (certified open banking provider)
Your Control
You Can Always:
- See exactly what data we have
- Disconnect any bank anytime
- Delete specific connections
- Export all your data
- Delete your entire account (and all data)
Questions About Security?
If you have specific security questions or concerns:
Email: hello@lunchflow.app
We're happy to provide more technical details or discuss your specific use case.