Your Data Is Not Ours to Keep
BankSync is a conduit, not a vault. Here's exactly what we store, what we don't, and why.
“If we don't hold your data, no one can take it from us. That's by design.”
Held in V8 heap memory during sync · discarded immediately after forwarding
Operational metadata only · no transaction or balance data
What We Store
BankSync retains only the operational metadata needed to run and audit your sync connections. This falls into three categories.
Connection metadata
- Institution name and account type
- Consent scope and authorised data categories
- Consent status (active / expired / revoked)
Access credentials
- Tokenised connection issued by the licensed provider
- Encrypted at rest using AES-256
- Never includes raw banking credentials
Operational records
- Sync timestamps (last successful, last attempted)
- Error logs for failed sync jobs
- Feed configuration (schedule, field mappings, destination)
- Audit log of state-changing actions (connect, revoke, delete)
These are the only records we keep long-term.
What We Never Store
Your financial data is never written to BankSync's persistent storage. The following categories are transient - they exist only in memory for the duration of a sync.
- Transaction history (amounts, dates, descriptions, merchant categories)
- Account balances (current and available)
- Account holder details
- Portfolio holdings and trade history (investment connections)
Technical detail: Transient data enters memory inside an edge worker spawned for the sync in the region closest to you. It is held only for the duration of the sync and forwarded directly to your destination. It is never written to disk or a database.
The Edge Worker Model
Each sync runs inside a short-lived edge worker - a lightweight execution environment that is spun up for the duration of the sync and then discarded. There is no shared long-running process that accumulates financial data over time.
- Regional: Spawned in the region closest to you, reducing data transit distance during processing.
- Ephemeral: Created for one sync, then destroyed. No state persists between sync runs.
- Memory-only: Financial data lives in V8 heap memory only. Nothing is written to disk or a database.
Technical detail: Even a full server compromise cannot expose stored banking data, because we simply don't hold any. Financial data passes through the edge worker in memory only and is never written to BankSync's persistent storage.
When You Delete
When you revoke consent or delete your account, the stored connection metadata and encrypted access token are queued for deletion. Because financial data is never written to persistent storage, there is no transaction or balance data to delete - it was never retained in the first place.
The only data deleted on revocation is the operational metadata listed above under “What We Store.”
Because we never store your transactions, there's nothing financial to delete. Deletion removes only the connection metadata.
Secure by Design
Your financial data flows through BankSync, never into it.
