Compliance, Explained
How BankSync operates under regulated open banking frameworks. Who holds the licence, what data flows where, and how you stay in control.
How BankSync accesses your financial data
BankSync operates as an intermediary under regulated open banking frameworks. We do not hold banking licences or data-access accreditations directly. Instead, we partner with licensed providers in each region, each of which holds the appropriate authorisation to access financial data on your behalf.
Importantly, we do not persistently store your financial data. Data flows through BankSync's infrastructure transiently, held in temporary memory for up to 5 minutes during sync, then forwarded to your connected destination (Notion, Google Sheets, Airtable, etc.).
Active Frameworks
3 activeOpen Banking (UK)
United Kingdom · FCA Open Banking / PSD2
Licensed Provider
Salt Edge Limited
FCA Financial Reference Number (FRN): 822499
71–75 Shelton Street, London WC2H 9JQ
Data Types
Regulatory Disclosures
- 1BankSync does not hold its own FCA authorisation or registration. UK Open Banking access is provided through Salt Edge Limited, a Registered Account Information Service Provider (RAISP) authorised by the Financial Conduct Authority (FCA FRN 822499, Companies House 11178811, 71–75 Shelton Street, London WC2H 9JQ).
- 2BankSync accesses UK bank data under a data-sharing arrangement with Salt Edge Limited. Salt Edge Limited bears regulatory responsibility to the FCA for UK Open Banking data access.
- 3Data accessed via Salt Edge is used solely to provide the sync service you have requested. BankSync does not sell, share, or use your banking data for any secondary purpose.
- 4Financial data obtained via UK Open Banking is processed transiently. It is not written to BankSync's persistent storage. Data passes through an edge worker sync step, spawned in the region closest to you, and is held only in temporary in-memory state before being forwarded to your connected destination.
- 5Salt Edge Limited and BankSync act as joint data controllers at the point of data sharing under UK GDPR. BankSync becomes the sole data controller once data has been received and forwarded to your connected destination.
- 6You may revoke Open Banking consent at any time through your bank's consent dashboard or by contacting BankSync support.
Open Banking (US)
United States & Canada · CFPB Section 1033 / Plaid Exchange
Licensed Provider
Plaid Technologies, Inc.
CFPB: CFPB-registered data aggregator
San Francisco, CA, USA
Data Types
Regulatory Disclosures
- 1US and Canadian bank connections are facilitated through Plaid Technologies, Inc., a CFPB-registered financial data aggregator operating under CFPB Section 1033 rules and bilateral data-sharing agreements with financial institutions.
- 2BankSync does not store banking credentials. Authentication is handled directly between Plaid and your financial institution using tokenised connections.
- 3Data accessed via Plaid is used solely to provide the sync service you have requested. BankSync does not sell, share, or use your banking data for any secondary purpose.
- 4Financial data obtained via Plaid is processed transiently. It is not written to BankSync's persistent storage. Data passes through an edge worker sync step, spawned in the region closest to you, and is held only in temporary in-memory state before being forwarded to your connected destination.
- 5You may revoke Plaid access at any time via the Plaid Portal (my.plaid.com) or by disconnecting the bank from within BankSync.
Investment Data (US)
United States & Canada · SnapTrade API / brokerage partnerships
Licensed Provider
SnapTrade
N/A: Brokerage API aggregator
Data Types
Regulatory Disclosures
- 1Investment portfolio and brokerage data is provided via SnapTrade, a financial data aggregator with direct API partnerships with US and Canadian brokerage providers.
- 2BankSync does not store brokerage credentials. Authentication is handled directly by SnapTrade and your brokerage.
- 3Investment data accessed via SnapTrade is used solely to provide the sync service you have requested. BankSync does not sell, share, or use your investment data for any secondary purpose.
- 4Investment data is processed transiently and is not written to BankSync's persistent storage.
Draft Frameworks
1 draftConsumer Data Right (CDR)
Australia · CDR Open Banking (ACCC)
Licensed Provider
Fiskil Pty Ltd
ACCC CDR Accreditation: ADRBNK000246
Australia
Data Types
Regulatory Disclosures
- 1This page is a draft. BankSync has not been appointed as a CDR Representative of Fiskil Pty Ltd, holds no CDR accreditation of its own, and is not currently authorised to access CDR data under the Consumer Data Right regime.
- 2The intended arrangement is for BankSync to be appointed as a CDR Representative of Fiskil Pty Ltd (CDR Registration ADRBNK000246) under CDR Rule 1.10AA, with Fiskil acting as our CDR Principal and collecting and disclosing CDR data on our behalf under Fiskil's CDR Policy. None of this is in effect today.
- 3BankSync does not currently appear on the ACCC's public CDR Register as a CDR Representative. The disclosures below describe the proposed model and will only become operative if and when that appointment is executed and published.
- 4Consent is collected through Fiskil's hosted consent screen. Maximum consent duration is 12 months (CDR Rule 4.14). You receive advance notice before expiry.
- 5CDR data is used solely to provide the sync service you have requested. BankSync does not sell, share, or use your CDR data for any secondary purpose.
- 6Financial data obtained under CDR is processed transiently. It is not written to BankSync's persistent storage. Data passes through an edge worker sync step, spawned in the region closest to you, and is held only in temporary in-memory state before being forwarded to your connected destination.
- 7Upon account deletion or consent revocation, all active CDR consents are immediately withdrawn and connection data is queued for deletion.
- 8CDR complaints can be directed to Fiskil Pty Ltd or to the Australian Financial Complaints Authority (AFCA) and the Office of the Australian Information Commissioner (OAIC). Applicable laws include the Privacy Act 1988 (Cth), Competition and Consumer Act 2010 (Cth), and the Consumer Data Right Rules.
Data Flow Architecture
Regardless of which regulatory framework applies to your region, BankSync uses the same pass-through architecture:
- 1Your bank authenticates you directly via the open banking API.
- 2The licensed provider (Fiskil, Salt Edge, or Plaid) retrieves your account data under their authorisation.
- 3BankSync receives the data in an edge worker sync step. No data is written to persistent storage.
- 4Financial data is held in temporary V8 heap memory only, with a 5-minute TTL. The cache is discarded after sync completes.
- 5Data is forwarded to your chosen destination (Notion, Google Sheets, Airtable, etc.).
- 6BankSync retains only operational metadata (feed configuration, sync timestamps, error logs), never your transaction or balance data.
Compliance Questions
If you have questions about how we operate under any regulatory framework, or wish to exercise your data rights, please contact us.
Regulated, Transparent, and Yours to Control
Every region, every provider, fully disclosed. Because you deserve to know who touches your data.
14-day free trial • Cancel anytime