The security and privacy of your data and your trust are the highest priorities for Monshare. You can rest assured your information is safe with us. We want to give you a bit more information on how we connect to bank accounts and what we do to keep it all secure. In simple, plain English, with no policy lingo.
How do we access your data?
- We access your bank accounts in read-only mode via our trusted partner, SaltEdge, which is FCA authorized and ISO 27001 certified. Using their API, through a secure TLS channel, we can aggregate your financial data without Monshare ever coming in contact with your bank account. FCA authorized effectively means that they have proven to the government that their internal process and technology are safe and secure and meet all the required regulations.
- We don’t process payments, so connecting to your bank using Monshare will never result in an authorized payment.
- Your bank credentials are not stored anywhere on our servers, and the majority of the banks will ask for extra authorization using their online banking app, SMS or other forms of two-factor authentication.
- We can only load your latest transactions as long as you grant us the permission to do so. You can revoke your permission at any point with your bank directly. Besides, this permission will automatically expire every 90 days, so you don’t need to worry if you forget about it.
- We are blocked from getting in touch with your money, meaning:
  - We cannot ‘block’ or move any amount away from your bank account
  - We cannot perform any payments on your or anyone else’s behalf
  - We cannot read or override any permissions and settings that you set when you connect to your bank account
What data do we access when connecting to your bank accounts?
We load and store the following data:
- Name of the bank
- Obfuscated account numbers (e.g. last 4 characters)
- Daily balances (when your bank allows us to)
- Daily transactions with a 3 month look-back, meaning that when you connect to Monshare for the first time you will only see the last 3 months’ worth of your transactions.
- Transactions are described with amounts, merchant name, date and any other information you see in your bank statements.
Who has access to your data?
Only the core engineering team at Monshare and SaltEdge have the capability to view user data. Such access requires written approval from the CEO and all access procedures are reviewed quarterly.
We only have access to the information and permissions you have agreed to share with us. We respect your privacy and will not sell your data to anyone.
We have advanced logging and monitoring in place, which helps us prevent unauthorized access. We also perform automatic vulnerability scans and regular penetration testing.
How do I ask a question or raise a complaint?
If you have any concerns about data you share with us, we’d appreciate a chance to make things right. Please drop us an email to firstname.lastname@example.org and you will receive a personal response. If you don’t find our resolution to your satisfaction, it is your right to reach out to the Information Commissioner’s Office.
Is Open Banking secure and how is it different?
Open banking is the practice of sharing financial information electronically, securely, and only under conditions that the customer approves of. All of the banks in the UK are obliged to follow the Open Banking standard and provide access to consumer accounts based on the consumer’s request. In practice, Open Banking connectivity works as follows:
- The user selects a bank (e.g. Monzo)
- If the Monzo app is installed on the mobile device, it is opened and the user is asked to log in to Monzo
- Once in Monzo, the user will see a request to authorize access to bank transactions for SaltEdge Ltd.
- Once authorized, SaltEdge will read the transactions and pass them over to Monshare.
- If you change your mind, you can go to Monzo, the SaltEdge client dashboard or Monshare directly to revoke your access.
How to revoke permission to access your bank account?
- Navigate to ‘Accounts’
- Click the ‘Settings’ button
- Swipe to Disconnect
How to delete your profile:
- Navigate to Profile
- Click ‘Delete Monshare Account’
Please keep in mind that after deletion:
- Your Monshare account will be deleted and you won’t be able to log in with the same email again
- Consent to connect to your bank accounts will be revoked
- All your pots will be archived
- If you belong to someone else’s pot, your email address will be replaced with an anonymous email
We will keep the following data about you:
- The fact that you have removed the account and your country of residence.
- Your anonymized transactions, including amounts and merchants.
- These transactions will no longer be connectable to you or your bank account.
If you want this data removed as well, please write an email to email@example.com. Include GDPR SAR ERASE in the email title.