Account
Security & Privacy
The short version
- ✅ We never see your bank password
- ✅ We can't make transfers or payments (read-only access)
- ✅ Your data is encrypted (AES-256)
- ✅ We use industry-standard open banking protocols
- ✅ You can delete everything at any time
How bank connections work
1. You log in directly to your bank
When connecting a bank account, you're redirected to your bank's official website. We never see or store your password.
2. You authorise read-only access
Your bank issues read-only access to Lunch Flow. We can only read data - we cannot:
- Make transfers or payments
- Change account settings
- Access your full account number (only the last 4 digits)
3. Your bank sends us your transaction data
Secure open banking APIs transmit:
- Transaction dates and amounts
- Merchant names
- Account balances
- Transaction categories (if provided by your bank)
We do not receive: login credentials, PINs, security questions, or full account numbers.
Open banking compliance
| Region | Standard |
|---|---|
| UK & EU | PSD2 via GoCardless - regulated, audited, strict data protection |
| US & Canada | MX / Finicity - regulated financial services providers |
| Pacific Asia | Finverse - licensed aggregator |
| New Zealand | Akahu - certified open banking provider |
Your controls
- ✅ See exactly what data is held
- ✅ Disconnect any bank at any time
- ✅ Delete specific connections
- ✅ Export all your data
- ✅ Delete your entire account
FAQ
How is this guide?