Security & Privacy

How Lunch Flow keeps your data safe and private

Written By Roaa from Lunch Flow

Last updated 15 days ago

The Short Version

✅ We never see your bank password
✅ We can't make transfers or payments (read-only access)
✅ Your data is encrypted (AES-256)
✅ We use industry-standard open banking protocols
✅ You can delete everything anytime

How Bank Connections Work

1. You Log In Directly to Your Bank

When you connect a bank, you're redirected to your bank's official website or app. You enter your credentials there—not on Lunch Flow.

We never see or store your password.

2. You Authorize Read-Only Access

Your bank asks: "Do you want to give Lunch Flow read-only access?"

You choose which accounts to connect. We can only read—we cannot:

  • Make transfers or payments

  • Change account settings

  • Access full account numbers (only last 4 digits)

3. Your Bank Sends Us Transaction Data

Using secure open banking APIs, your bank sends us:

  • Transaction dates, amounts, and merchant names

  • Account balances

  • Transaction categories (if available)

We never receive:

  • Login credentials or PINs

  • Security questions/answers

  • Full account numbers

Open Banking Compliance

We partner with regulated, audited providers in each region:

PSD2 (Europe)

For European banks, we use providers that arePSD2 compliant, which means:

  • Regulated by financial authorities

  • Regular security audits

  • Strict data protection standards

  • Consumer protection built-in

Other Regions

We use established, regulated open banking providers in each region:

  • North America: MX/Finicity (regulated financial services provider)

  • Pacific Asia: Finverse (licensed aggregator)

  • New Zealand: Akahu (certified open banking provider)

What this means:

  • Regular third-party security audits

  • Strict data protection standards

  • Consumer protection built-in

Your Control

You can always:

  • ✅ See exactly what data we have

  • ✅ Disconnect any bank anytime

  • ✅ Export all your data

  • ✅ Delete your entire account (removes all data permanently)

Questions About Security?

If you have specific security concerns, email us at hello@lunchflow.app—we're happy to provide technical details or discuss your use case.