Privacy Notice

BankPlatform is the data controller responsible for your personal data. We operate a secure financial data aggregation platform that allows you to link your bank accounts and view aggregated financial information.

• Identity data: full name, email address
• Financial data: bank account details (via Plaid), transaction history, account balances
• Technical data: IP address, browser type, session identifiers
• Usage data: actions performed within the platform (audit log)

• Contract performance: to provide the financial aggregation service
• Consent: to link your bank accounts via Plaid and retrieve transaction data
• Legal obligation: to maintain audit logs for PCI-DSS and SOC 2 compliance
• Legitimate interests: to detect fraud and maintain platform security

• All sensitive data encrypted at rest using AES-256-GCM
• All data in transit protected using TLS 1.3
• Encryption keys stored in a dedicated secrets manager
• Role-based access control on all financial data
• Multi-factor authentication required for all accounts

• Right of access: request a copy of all data we hold (Settings → Export My Data)
• Right to erasure: request deletion of your account (Settings → Delete Account)
• Right to withdraw consent: withdraw at any time (Settings → Manage Consent)
• Right to data portability: receive your data in JSON format

Contact: privacy@bankplatform.example