The Short Version

• ✅ We never see your bank password

• ✅ We can’t make transfers or payments (read-only access)

• ✅ Your data is encrypted (AES-256)

• ✅ We use industry-standard open banking protocols

• ✅ You can delete everything anytime

​How Bank Connections Work?

​1. You Log in Directly to Your Bank

When you connect a bank, you’re redirected to your bank’s official website. You enter your credentials there—not on Lunch Flow. We never see or store your password.

2. You Authorize Read-Only Access

Your bank asks: “Do you want to give Lunch Flow read-only access to your transactions? You click “Yes” and specify which accounts. We can only read. We cannot:

• Make transfers

• Make payments

• Change account settings

• Access your full account number (only last 4 digits)

​3. Your Bank Sends Us Your Transaction Data

Using secure open banking APIs, your bank sends us:

• Transaction dates and amounts

• Merchant names

• Account balances

• Transaction categories (if available)

We don’t get:

• Your login credentials

• Your PIN

• Security questions/answers

• Full account numbers

​Open Banking Compliance

PSD2 (Europe)

For European banks, we use providers that are PSD2 compliant, which means:

• Regulated by financial authorities

• Regular security audits

• Strict data protection standards

• Consumer protection built-in

Other Regions

We use established, regulated open banking providers in each region:

• North America: MX/Finicity (regulated financial services provider)

• Pacific Asia: Finverse (licensed aggregator)

• New Zealand: Akahu (certified open banking provider)

Your Control

You Can Always:

• ✅ See exactly what data we have

• ✅ Disconnect any bank anytime

• ✅ Delete specific connections

• ✅ Export all your data

• ✅ Delete your entire account (and all data)

Questions About Security?

If you have specific security questions or concerns:📧 Email: hello@lunchflow.app . We’re happy to provide more technical details or discuss your specific use case.