What does LicenceOne do with my banking data?
We really worked to make this article clear and concise. But to be transparent, we have to dig into more detail than our normal FAQ articles.
Contents
How does LicenceOne link with my bank?
How does LicenceOne analyse my transactions?
Who are LicenceOne's integration partners, and what certification and regulations apply to them?
Does LicenceOne have access to my bank username / password at any time?
Do LicenceOne's banking integration partners have access to my bank username / password at any time?
Does LicenceOne see all of my transactions?
Is my banking data encrypted?
What is LicenceOne technically capable to do with my banking data?
What do you mean by "help us improve our service"? That sounds fishy
At LicenceOne we decided to leave bank integrations to the tried, tested, and certified experts: BridgeAPI, Plaid and GoCardless.
When you add your bank as a data source, you will be redirected to our integration partner's interface to link your bank account securely and authorize LicenceOne to read the transaction data that our integration partner has safely recuperated.
LicenceOne sends a request to our banking integration partners asking them to provide us with your bank transactions via an encrypted connection
Once received, our algorithm compares each transaction against our database of business applications
If a transaction matches an application in our database, we add it to your LicenceOne workspace
Our bank integration partners automatically categorize transactions for us. If they categorize a transaction as something like "software", we add it to a queue for a LicenceOne employee to double-check and verify if it's a software subscription
If the LicenceOne employee verifies that it's a software subscription, we add it to your LicenceOne workspace
If a transaction doesn't match an application in our database and/or the pre-categorized transaction is rejected by a LicenceOne employee, we do nothing. That transaction is never saved nor stored in any database, nor is it used to improve some mysterious AI/machine learning algorithm
That's it. We genuinely don't do anything else with your transaction data outside some anonymized internal reporting (For example, we have a report that indicates the "Amount of software spend tracked in LicenceOne").
We have three bank integration partners:
BridgeAPI - Used for our French banking integrations
Plaid - Used for our North American banking integrations
GoCardless - Used European Economic Area integrations, except for France
All partners have gone through extensive certification and regulatory processes.
BridgeAPI
Are accredited by the French central banking authority to provide bank aggregation services in France, Germany, Spain, and the Netherlands (see their certification on the Banque de France database)
The banking data provider of choice for companies like Sage, Cedgid and Experian
Plaid
Are ISO 270001, ISO 27701 and SOC 2 certified (see here)
The provider of choice for companies like Wise, Venmo, Expensify and Wave.
GoCardless
Are accredited by the French central banking authority to provide bank aggregation services to provide bank aggregation services in the European Economic Area (see here)
Are ISO 27701 certified
The provider of choice for companies like Entercard, Creditstar, and Authologic
In short, we didn't want to mess around, so we chose the best.
No. It is impossible (technically and legally) for LicenceOne to see or access your bank username and password.
No, unless they have no other option.
All European banking institutions, and most USA and Canadian banking institutions, allow our integration partners to read your data without sharing login credentials (via OAuth). If this connection method is available, our integration partners are obliged to use it.
If an American or Canadian banking institution does not allow OAuth connections, our integration partners will have no other alternative: your login credentials will be shared with them via an encrypted connection, encrypted at rest, and then used each time they re-synchronise your transactions.
Our code can read up to 13 months of transaction history (temporarily), and our humans don't.
The only things that some humans at LicenceOne can see are the transactions linked to software spend, or potential software spend, and this data is only used to help us improve our service and support you (like if you ask one of our support agents "Why did LicenceOne detect a software subscription for x?").
LicenceOne always asks for a 13-month financial history from your financial data sources. But, some banks and virtual card tools might only give us 1 to 3 months transaction history.
Yes, always: In transit, and at rest. By LicenceOne, and by our integration partners.
More specifically, that means that:
When data goes from your bank to our integration partners, it's encrypted in transit
When data arrives at our integration partners, it's encrypted at rest
When data goes from our integration partners to LicenceOne, it's encrypted in transit
When data arrives at LicenceOne servers, it's encrypted at rest
When you synchronize a bank account with LicenceOne, you only give us the technical scope to read the following data:
Your account name (e.g. ACME Corp. current account)
Your account type (e.g saving account, checking account)
Your account transaction data (Transaction date, transaction description, and transaction amount)
To be clear, it is technically impossible for LicenceOne or any of its employees to:
Make a transaction on your behalf
Login to your bank account
Check your bank balance
View or store your bank login credentials
Our services are improved when you sign a legally binding contract with LicenceOne to sell us your organs. OK, maybe now isn't the time to make jokes. Moving on... 🙄
When we say "help us improve our service", we mean that sometimes our bank integration partners pre-categorise transactions for us (i.e. they tell us that a transaction is related to software even if it doesn't exist in our database yet).
If that happens, we have a select few LicenceOne employees that manually verify that the transaction description matches a software subscription; then they add the identifier to our software detection database so that it can be detected for the next user.
So, no AI algorithms, no selling your data to advertisers, and manipulation: if we think a transaction might be related to software, we check if it is; and if so, we add it to our database to help the next user who comes after you.
Contents
How does LicenceOne link with my bank?
How does LicenceOne analyse my transactions?
Who are LicenceOne's integration partners, and what certification and regulations apply to them?
Does LicenceOne have access to my bank username / password at any time?
Do LicenceOne's banking integration partners have access to my bank username / password at any time?
Does LicenceOne see all of my transactions?
Is my banking data encrypted?
What is LicenceOne technically capable to do with my banking data?
What do you mean by "help us improve our service"? That sounds fishy
How does LicenceOne link with my bank?
At LicenceOne we decided to leave bank integrations to the tried, tested, and certified experts: BridgeAPI, Plaid and GoCardless.
When you add your bank as a data source, you will be redirected to our integration partner's interface to link your bank account securely and authorize LicenceOne to read the transaction data that our integration partner has safely recuperated.
How does LicenceOne analyse my transactions?
LicenceOne sends a request to our banking integration partners asking them to provide us with your bank transactions via an encrypted connection
Once received, our algorithm compares each transaction against our database of business applications
If a transaction matches an application in our database, we add it to your LicenceOne workspace
Our bank integration partners automatically categorize transactions for us. If they categorize a transaction as something like "software", we add it to a queue for a LicenceOne employee to double-check and verify if it's a software subscription
If the LicenceOne employee verifies that it's a software subscription, we add it to your LicenceOne workspace
If a transaction doesn't match an application in our database and/or the pre-categorized transaction is rejected by a LicenceOne employee, we do nothing. That transaction is never saved nor stored in any database, nor is it used to improve some mysterious AI/machine learning algorithm
That's it. We genuinely don't do anything else with your transaction data outside some anonymized internal reporting (For example, we have a report that indicates the "Amount of software spend tracked in LicenceOne").
Who are LicenceOne's integration partners, and what certification and regulations apply to them?
We have three bank integration partners:
BridgeAPI - Used for our French banking integrations
Plaid - Used for our North American banking integrations
GoCardless - Used European Economic Area integrations, except for France
All partners have gone through extensive certification and regulatory processes.
BridgeAPI
Are accredited by the French central banking authority to provide bank aggregation services in France, Germany, Spain, and the Netherlands (see their certification on the Banque de France database)
The banking data provider of choice for companies like Sage, Cedgid and Experian
Plaid
Are ISO 270001, ISO 27701 and SOC 2 certified (see here)
The provider of choice for companies like Wise, Venmo, Expensify and Wave.
GoCardless
Are accredited by the French central banking authority to provide bank aggregation services to provide bank aggregation services in the European Economic Area (see here)
Are ISO 27701 certified
The provider of choice for companies like Entercard, Creditstar, and Authologic
In short, we didn't want to mess around, so we chose the best.
Does LicenceOne have access to my bank username / password at any time?
No. It is impossible (technically and legally) for LicenceOne to see or access your bank username and password.
Do LicenceOne's banking integration partners have access to my bank username / password at any time?
No, unless they have no other option.
All European banking institutions, and most USA and Canadian banking institutions, allow our integration partners to read your data without sharing login credentials (via OAuth). If this connection method is available, our integration partners are obliged to use it.
If an American or Canadian banking institution does not allow OAuth connections, our integration partners will have no other alternative: your login credentials will be shared with them via an encrypted connection, encrypted at rest, and then used each time they re-synchronise your transactions.
Does LicenceOne see all of my transactions?
Our code can read up to 13 months of transaction history (temporarily), and our humans don't.
The only things that some humans at LicenceOne can see are the transactions linked to software spend, or potential software spend, and this data is only used to help us improve our service and support you (like if you ask one of our support agents "Why did LicenceOne detect a software subscription for x?").
LicenceOne always asks for a 13-month financial history from your financial data sources. But, some banks and virtual card tools might only give us 1 to 3 months transaction history.
Is my banking data encrypted?
Yes, always: In transit, and at rest. By LicenceOne, and by our integration partners.
More specifically, that means that:
When data goes from your bank to our integration partners, it's encrypted in transit
When data arrives at our integration partners, it's encrypted at rest
When data goes from our integration partners to LicenceOne, it's encrypted in transit
When data arrives at LicenceOne servers, it's encrypted at rest
What is LicenceOne technically capable to do with my banking data?
When you synchronize a bank account with LicenceOne, you only give us the technical scope to read the following data:
Your account name (e.g. ACME Corp. current account)
Your account type (e.g saving account, checking account)
Your account transaction data (Transaction date, transaction description, and transaction amount)
To be clear, it is technically impossible for LicenceOne or any of its employees to:
Make a transaction on your behalf
Login to your bank account
Check your bank balance
View or store your bank login credentials
What do you mean by "help us improve our service"? That sounds fishy
Our services are improved when you sign a legally binding contract with LicenceOne to sell us your organs. OK, maybe now isn't the time to make jokes. Moving on... 🙄
When we say "help us improve our service", we mean that sometimes our bank integration partners pre-categorise transactions for us (i.e. they tell us that a transaction is related to software even if it doesn't exist in our database yet).
If that happens, we have a select few LicenceOne employees that manually verify that the transaction description matches a software subscription; then they add the identifier to our software detection database so that it can be detected for the next user.
So, no AI algorithms, no selling your data to advertisers, and manipulation: if we think a transaction might be related to software, we check if it is; and if so, we add it to our database to help the next user who comes after you.
Updated on: 18/08/2023
Thank you!