Trust & Safety
Security
An explanation of how FinTrack accesses, stores, and protects your bank account data.
How FinTrack Protects Your Bank Data
Before you connect a bank account, here is exactly what FinTrack can and cannot access, and how your data is kept secure.
How the connection works
You open FinTrack
Tap "Link Account" to start the secure connection flow.
Bank login via Mono
A Mono-powered widget opens. You enter your bank credentials directly into Mono — FinTrack never sees them.
Secure token exchange
Mono gives FinTrack a read-only access token (not your password). FinTrack uses it to pull your account data.
Encrypted storage
Account balance and transactions are stored with AES-256-GCM encryption. Keys are held in a separate secure environment.
What we access
- Account name and number
- Current account balance
- Transaction history (date, amount, description)
- Bank institution name
What we can never do
- Log in to your bank directly
- Move, transfer, or withdraw money
- Make payments on your behalf
- See your banking password or PIN
How your data is stored
Encrypted at rest
Sensitive fields (account number, balance, institution) are encrypted with AES-256-GCM before being stored in the database.
Keys stored separately
Encryption keys are never stored alongside your data. They live in a secured environment only our infrastructure can access.
Secure in transit
All data between your device and our servers is encrypted with TLS (HTTPS). No plain-text transmission.
You're always in control
You can disconnect any linked account at any time from Accounts page. Once disconnected, FinTrack immediately stops syncing that account.
Your historical transaction data is retained for up to 90 days after disconnection, then permanently deleted per our data retention policy. You can find the disconnect option from the Accounts page in the app.
Third-party providers
- Mono (licensed CBN open-banking provider): connects FinTrack to your Nigerian bank. Mono operates under CBN data regulations and their own privacy policy.
- Cloud infrastructure: our backend servers process your data under strict data processing agreements. Data stays within our controlled environment.
- We never share your financial data with advertisers, data brokers, or any party not essential to delivering the Service.
Frequently asked questions
Does FinTrack store my banking password?
No. Your password is entered into Mono's secure login widget. FinTrack only ever receives a read-only token — we never see or store your credentials.
Can FinTrack make transactions from my account?
No. The connection is strictly read-only. FinTrack can view your account information but has no ability to move money or initiate any action.
What happens to my data when I disconnect an account?
Syncing stops immediately. Your existing transaction history is retained for 90 days to preserve your financial records, then permanently deleted.
Can anyone access my bank data?
Direct access to your financial data is restricted at the infrastructure level. All data access is controlled and logged.
Questions about your data? Email us at the address in our Privacy Policy. We aim to respond within 5 business days.