Your Consent, Your Control
You decide what BankSync can access, when, and for how long. Here's how consent works from start to finish.
“We built consent to be easy to give - and just as easy to take back.”
Consent can be revoked at any stage · via your bank, the provider, or BankSync
Granting Consent
Consent is always collected through the licensed provider's hosted interface; BankSync never collects it directly. This keeps your banking credentials entirely outside of BankSync's systems.
- You are redirected to your bank's own authentication screen via the licensed provider's consent flow.
- You select the data categories you wish to share (e.g. transactions, balances) and the accounts to include.
- On authorisation, the licensed provider issues a tokenised connection. Only this token is returned to BankSync, never your credentials.
- BankSync stores the token encrypted at rest and records the consent scope and authorised data categories.
Active Consent
While consent is active, BankSync uses the tokenised connection to retrieve data on your behalf according to the schedule you configure.
- Syncs run on your configured schedule (or on demand) using the stored access token.
- Each sync request is scoped to the data categories and accounts you originally authorised.
- If a token expires or is invalidated by your bank, the sync pauses and you are prompted to reconnect.
- You can adjust sync settings, change destinations, or pause syncing at any time without revoking the underlying consent.
Consent Expiry
Some regulatory frameworks cap the maximum duration of a consent. BankSync gives you advance notice before expiry so you can choose to renew.
- Under the Australian CDR, consent has a maximum duration of 12 months (CDR Rule 4.14). BankSync notifies you in advance of expiry.
- UK Open Banking and US connections follow the token lifecycle set by your bank and the licensed provider.
- On expiry, syncs pause automatically. Your existing data in your destination is unaffected; nothing is deleted.
- You can renew consent at any time through the same provider-hosted consent flow used at initial grant.
Revocation & Deletion
You can revoke consent at any time through your bank, through the licensed provider, or through BankSync. Deletion is immediate and permanent.
- Revocation can be initiated via your bank's own consent management dashboard, the licensed provider's portal, or by disconnecting within BankSync.
- On revocation, BankSync immediately disables all syncs for the affected connection.
- The stored access token is invalidated and queued for deletion. Connection metadata (institution name, consent scope, sync history) is also queued for deletion.
- No further data is retrieved from your bank after revocation. Data already in your destination is not affected; BankSync does not reach into your Notion or Google Sheets to delete data that was previously synced.
- Account deletion triggers the same process across all connections simultaneously.
Your rights at any stage: Regardless of which regulatory framework covers your region, you retain the right to revoke consent and request deletion of your data at any time by contacting BankSync support, using your bank's consent portal, or through the licensed provider's own tools. See our Privacy Policy and Compliance page for region-specific contact details.
Connect Your Bank Securely
You're always in control. Revoke access anytime, from anywhere.
14-day free trial • Cancel anytime