Trust & Safety

Security

An explanation of how FinTrack accesses, stores, and protects your bank account data.

How FinTrack Protects Your Bank Data

Before you connect a bank account, here is exactly what FinTrack can and cannot access, and how your data is kept secure.

Read-only accessNo credentials storedAES-256-GCM encrypted

How the connection works

You open FinTrack

Tap "Link Account" to start the secure connection flow.

Bank login via Mono

A Mono-powered widget opens. You enter your bank credentials directly into Mono — FinTrack never sees them.

Secure token exchange

Mono gives FinTrack a read-only access token (not your password). FinTrack uses it to pull your account data.

Encrypted storage

Account balance and transactions are stored with AES-256-GCM encryption. Keys are held in a separate secure environment.

What we access

  • Account name and number
  • Current account balance
  • Transaction history (date, amount, description)
  • Bank institution name

What we can never do

  • Log in to your bank directly
  • Move, transfer, or withdraw money
  • Make payments on your behalf
  • See your banking password or PIN

How your data is stored

Encrypted at rest

Sensitive fields (account number, balance, institution) are encrypted with AES-256-GCM before being stored in the database.

Keys stored separately

Encryption keys are never stored alongside your data. They live in a secured environment only our infrastructure can access.

Secure in transit

All data between your device and our servers is encrypted with TLS (HTTPS). No plain-text transmission.

You're always in control

You can disconnect any linked account at any time from Accounts page. Once disconnected, FinTrack immediately stops syncing that account.

Your historical transaction data is retained for up to 90 days after disconnection, then permanently deleted per our data retention policy. You can find the disconnect option from the Accounts page in the app.

Third-party providers

  • Mono (licensed CBN open-banking provider): connects FinTrack to your Nigerian bank. Mono operates under CBN data regulations and their own privacy policy.
  • Cloud infrastructure: our backend servers process your data under strict data processing agreements. Data stays within our controlled environment.
  • We never share your financial data with advertisers, data brokers, or any party not essential to delivering the Service.

Frequently asked questions

Does FinTrack store my banking password?

No. Your password is entered into Mono's secure login widget. FinTrack only ever receives a read-only token — we never see or store your credentials.

Can FinTrack make transactions from my account?

No. The connection is strictly read-only. FinTrack can view your account information but has no ability to move money or initiate any action.

What happens to my data when I disconnect an account?

Syncing stops immediately. Your existing transaction history is retained for 90 days to preserve your financial records, then permanently deleted.

Can anyone access my bank data?

Direct access to your financial data is restricted at the infrastructure level. All data access is controlled and logged.

Questions about your data? Email us at the address in our Privacy Policy. We aim to respond within 5 business days.