---
title: "Managing your CDR consents and data sharing"
description: "View, renew, and withdraw the Consumer Data Right (CDR) consents behind your Australian bank connections, and understand what happens to data you share."
section: "Connecting banks"
canonical: "https://banksync.io/docs/connecting-banks/managing-cdr-consents"
---

When you connect an Australian bank, you do it through the Consumer Data Right (CDR), Australia's regulated open banking framework. BankSync acts as a CDR representative of Fiskil Pty Ltd, an Accredited Data Recipient (ADRBNK000246). This guide explains how to see and manage the consents behind your Australian connections, and what happens to data once you share it with a destination.

> **Australian connections only:** This guide applies to banks connected via the CDR (Australian institutions through Fiskil). US, Canadian, UK, and EU connections use different frameworks and don't appear in the Data sharing dashboard.

## Before you connect: what you're agreeing to

Before the Fiskil consent window opens, BankSync shows a short summary of what you're about to share, why, and for how long. It confirms that:

- BankSync accesses account details, balances, and transactions for the accounts you choose at your bank.
- The data is used only to sync to the destinations you set up.
- Your consent lasts up to 12 months, and you can withdraw it at any time.

You then complete the actual consent in your bank's own secure CDR window, never in BankSync. See [Connecting Australian banks](/docs/connecting-banks/australian-banks) for the full connection walkthrough.

![The pre-consent screen for connecting an Australian bank, explaining what data BankSync accesses, why, the 12-month consent duration, and the CDR representative relationship with Fiskil, with Continue to consent and Cancel buttons.](https://cdn.banksync.io/screenshots/banks/cdr-preconsent.77e57cc947c2e070.png)

## The Data sharing dashboard

Once you have at least one Australian bank connected, a **Data sharing** tab appears in **Settings**. It lists every CDR consent for the workspace, including past ones, and for each shows:

- **Status**: active, expired, or withdrawn.
- **What you're sharing**: the data types the consent covers (for example account details, balances, transactions) and the accounts it applies to.
- **Given on** and **Expires**: when you granted the consent and when it ends.
- **Where it goes**: the feeds currently routing this bank's data, and their destinations.

![The Data sharing settings panel listing CDR consents grouped by institution, each showing status, the data types and accounts shared, the dates given and expiring, the feeds the data flows to, and a Stop sharing action.](https://cdn.banksync.io/screenshots/settings/data-sharing.66a022c751c20d76.png)

> **This is your consent record:** The Data sharing dashboard is the consumer dashboard required under the CDR rules. You can also view and manage consents at Fiskil's hosted dashboard (consents.fiskil.app), linked from each consent.

## Sending CDR data to a destination

When you set up a feed from an Australian bank to a destination such as Google Sheets, Notion, Airtable, or Excel, BankSync asks you to confirm a disclosure before any data flows. This is required because the data is leaving the CDR-protected environment. The confirmation states, in plain terms:

- Data sent to the destination **will not be regulated as part of the Consumer Data Right** once delivered.
- It will instead be handled under applicable privacy law, including the **Privacy Act 1988 (Cth)**, and the destination's own privacy policy.
- You should review how that destination handles your data before continuing.

![The data sharing disclosure dialog shown before sending CDR data to Notion, stating the data will not be regulated as part of the Consumer Data Right, will be governed by the Privacy Act 1988 and Notion's privacy policy, with a link to review it and an I understand, send my data button.](https://cdn.banksync.io/screenshots/feeds/cdr-disclosure.2b686bf8ec2f9d93.png)

> **Once data leaves, CDR protections no longer apply:** After BankSync delivers data to your Notion workspace, spreadsheet, or database, that copy is governed by the receiving service's terms and the Privacy Act, not by the CDR. Review the destination's privacy policy, and remember that withdrawing your bank consent later does not pull back data already delivered.

You confirm this once per feed, and again whenever you change the feed's destination (a new destination is a new recipient). For a destination you operate yourself, such as your own database, you also confirm that you control it and can access the data delivered to it.

## Renewing an expiring consent

CDR consents are time-limited. As a consent nears its expiry, BankSync shows a reminder on the bank and in the Data sharing dashboard. When a consent lapses, the bank's data stops refreshing until you reconnect.

A consent within 30 days of expiry shows an "expires in N days" badge.

Use Reconnect to start a fresh CDR consent in your bank's window. Reconnecting creates a new
consent and replaces the previous one.

![The Data sharing section on a bank's detail view, showing the CDR consent status and expiry date, the data types being shared as chips, and Stop sharing and Manage data sharing actions.](https://cdn.banksync.io/screenshots/banks/consent-section.3e7999dd2bf333ab.png)

See [Reconnecting a bank](/docs/connecting-banks/reconnecting-a-bank) for the full re-authorisation flow.

## Withdrawing a consent

You can stop sharing at any time. Withdrawal takes effect immediately.

**Stop sharing a bank's data**

1. **Open Settings → Data sharing** — Find the consent for the bank you want to stop sharing.
2. **Choose Stop sharing** — Confirm in the dialog. BankSync revokes the consent with your bank straight away.
3. **What happens next** — BankSync stops collecting data from that bank immediately, and feeds that rely only on it are
   paused. Data already delivered to your destinations stays where you sent it. You can reconnect
   at any time.

> **What BankSync holds, and destroys:** 'BankSync does not store your transactions or balances at rest, reads are live. When you withdraw or a consent expires, BankSync also clears the small amount of working data tied to that bank and pauses dependent feeds. Your bank and Fiskil destroy their copies per the CDR rules.'

You can also withdraw directly from your bank, or from Fiskil's consent dashboard. Any of these takes effect across the chain.

## Records and complaints

You can request further records of how your CDR data has been handled (CDR Rule 9.5) by contacting <support@banksync.io>. For complaints and dispute-resolution options, see the BankSync CDR policy linked from the Data sharing dashboard. The Office of the Australian Information Commissioner (OAIC) is the CDR complaints authority.

## A note on AI assistants (MCP)

CDR-connected bank data is **not** currently available through BankSync's MCP server or AI assistants such as ChatGPT and Claude, while our accreditation partner reviews AI access to CDR data. You can still route your CDR data to a destination you control (a spreadsheet, Notion, Airtable, or your own database) and analyse it there.

## Related guides

- [Connecting Australian banks](/docs/connecting-banks/australian-banks): the full CDR connection walkthrough.
- [Reconnecting a bank](/docs/connecting-banks/reconnecting-a-bank): renew a lapsed CDR consent.
- [Creating your first feed](/docs/bank-feeds/creating-first-feed): send your bank data to a destination.
