Account

Security & Privacy

The short version

  • ✅ We never see your bank password
  • ✅ We can't make transfers or payments (read-only access)
  • ✅ Your data is encrypted (AES-256)
  • ✅ We use industry-standard open banking protocols
  • ✅ You can delete everything at any time

How bank connections work

1. You log in directly to your bank

When connecting a bank account, you're redirected to your bank's official website. We never see or store your password.

2. You authorise read-only access

Your bank issues read-only access to Lunch Flow. We can only read data - we cannot:

  • Make transfers or payments
  • Change account settings
  • Access your full account number (only the last 4 digits)

3. Your bank sends us your transaction data

Secure open banking APIs transmit:

  • Transaction dates and amounts
  • Merchant names
  • Account balances
  • Transaction categories (if provided by your bank)

We do not receive: login credentials, PINs, security questions, or full account numbers.

Open banking compliance

RegionStandard
UK & EUPSD2 via GoCardless - regulated, audited, strict data protection
US & CanadaMX / Finicity - regulated financial services providers
Pacific AsiaFinverse - licensed aggregator
New ZealandAkahu - certified open banking provider

Your controls

  • ✅ See exactly what data is held
  • ✅ Disconnect any bank at any time
  • ✅ Delete specific connections
  • ✅ Export all your data
  • ✅ Delete your entire account

FAQ

How is this guide?