What does LicenceOne do with my banking data?
Please know that we've honestly tried our best to simplify the following article; however, in the interest of transparency, we wanted to go into a little more detail than usual.
At LicenceOne we decided to leave bank integrations to the tried, tested, and certified experts: BridgeAPI, Plaid and Nordigen.
When you add your bank as a data source, you will be redirected to our integration partner's interface to link your bank account and authorize LicenceOne access to the transaction data that our integration partner safely recuperated.
LicenceOne sends a request to our banking integration partners asking them to provide us with your bank transactions via an encrypted connection.
Once received, our algorithm compares each transaction against our database of applications that we can detect.
If a transaction matches an application in our database, we add it to your LicenceOne account and track it.
Our bank integration partners automatically categorize transactions for us. If they categorize a transaction as something like "software", we add it to a queue for a LicenceOne employee to double-check and verify if it's a software subscription
If the LicenceOne employee verifies that it's a software subscription, we add it to your LicenceOne account and track it.
If a transaction doesn't match an application in our database and/or is rejected by a LicenceOne employee, we do nothing. That transaction is never saved nor stored in any database, nor is it used to improve some mysterious AI/machine learning algorithm
That's it. We genuinely don't do anything else with your transaction data outside some anonymized internal reporting (e.g. We have a report that indicates the "Amount of software spend tracked in LicenceOne").
We have three bank integration partners:
BridgeAPI - Used for our French banking integrations
Plaid - Used for our North American banking integrations
Nordigen - Used European Economic Area integrations
All partners have gone through extensive certification and regulatory processes.
BridgeAPI
Are accredited by the French central banking authority to provide bank aggregation services in France, Germany, Spain, and the Netherlands (see here)
The provider of choice for companies like Sage, Cedgid and Experian
Plaid
Are ISO 270001, ISO 27701 and SOC 2 certified (see here)
The provider of choice for companies like Wise, Venmo, Expensify and Wave.
Nordigen
Are accredited by the Latvian Financial and Capital Market Commission to provide bank aggregation services in the European Economica Area (see here)
Are ISO 27701 certified
The provider of choice for companies like Entercard, Creditstar, and Authologic
In short, we didn't want to mess around so we chose the best.
No. It is impossible (technically and legally) for LicenceOne to see or access your bank username and password.
No, unless they have no other option.
Most banking institutions allow our integration partners to access your data without sharing login credentials (via OAuth). If this connection method is available, our integration partners are obliged to use it.
If a banking institution does not allow OAuth connections, our integration partners will have no other alternative: your login credentials will be shared with them via an encrypted connection, encrypted at rest, and then used each time they re-synchronise your transactions.
Our code does (temporarily), and our humans don't.
The only things that some humans at LicenceOne can see are the transactions linked to software spend, or potential software spend, and this data is only used to help us improve our service and support you (like if you ask one of our support agents "Why did LicenceOne detect a software subscription for x?").
Yes, always: In transit, and at rest. By LicenceOne, and by our integration partners.
More specifically, that means that:
When data goes from your bank to our integration partners, it's encrypted in transit
When data arrives at our integration partners, it's encrypted at rest
When data goes from our integration partners to LicenceOne, it's encrypted in transit
When data arrives at LicenceOne servers, it's encrypted at rest
When you synchronize a bank account with LicenceOne, you only give us the technical scope to read the following data:
Your account name (e.g. "LicenceOne Current Account")
Your account type (e.g saving account, checking account etc.)
Your account transactions and related information (e.g. Transaction description, date, and amount)
To be clear, it is technically impossible for LicenceOne or any of its employees to:
Make a transaction on your behalf
Login to your bank account
Check your bank balance
See or store your bank login credentials
Our services are improved when you sign a legally binding contract with LicenceOne to sell us your organs. OK, maybe now isn't the time to make jokes. Moving on...
When we say "help us improve our service", we mean that sometimes our bank integration partners pre-categorise transactions for us (i.e. they tell us that a transaction is related to software even if it doesn't exist in our database yet).
If that happens, we have a select few LicenceOne employees that manually verify that the transaction description matches a software subscription; then they add the identifier to our software detection database so that it can be detected for the next user.
So, no AI algorithms, no selling your data to advertisers, and manipulation: if we think a transaction might be related to software, we check if it is; and if so, we add it to our database to help the next user who comes after you.
How does LicenceOne connect to my bank?
At LicenceOne we decided to leave bank integrations to the tried, tested, and certified experts: BridgeAPI, Plaid and Nordigen.
When you add your bank as a data source, you will be redirected to our integration partner's interface to link your bank account and authorize LicenceOne access to the transaction data that our integration partner safely recuperated.
How does LicenceOne analyse my transactions?
LicenceOne sends a request to our banking integration partners asking them to provide us with your bank transactions via an encrypted connection.
Once received, our algorithm compares each transaction against our database of applications that we can detect.
If a transaction matches an application in our database, we add it to your LicenceOne account and track it.
Our bank integration partners automatically categorize transactions for us. If they categorize a transaction as something like "software", we add it to a queue for a LicenceOne employee to double-check and verify if it's a software subscription
If the LicenceOne employee verifies that it's a software subscription, we add it to your LicenceOne account and track it.
If a transaction doesn't match an application in our database and/or is rejected by a LicenceOne employee, we do nothing. That transaction is never saved nor stored in any database, nor is it used to improve some mysterious AI/machine learning algorithm
That's it. We genuinely don't do anything else with your transaction data outside some anonymized internal reporting (e.g. We have a report that indicates the "Amount of software spend tracked in LicenceOne").
Who are LicenceOne integrations partners, and what certification and regulations apply to them?
We have three bank integration partners:
BridgeAPI - Used for our French banking integrations
Plaid - Used for our North American banking integrations
Nordigen - Used European Economic Area integrations
All partners have gone through extensive certification and regulatory processes.
BridgeAPI
Are accredited by the French central banking authority to provide bank aggregation services in France, Germany, Spain, and the Netherlands (see here)
The provider of choice for companies like Sage, Cedgid and Experian
Plaid
Are ISO 270001, ISO 27701 and SOC 2 certified (see here)
The provider of choice for companies like Wise, Venmo, Expensify and Wave.
Nordigen
Are accredited by the Latvian Financial and Capital Market Commission to provide bank aggregation services in the European Economica Area (see here)
Are ISO 27701 certified
The provider of choice for companies like Entercard, Creditstar, and Authologic
In short, we didn't want to mess around so we chose the best.
Does LicenceOne have access to my bank username / password at any time?
No. It is impossible (technically and legally) for LicenceOne to see or access your bank username and password.
Do LicenceOne's banking integration partners have access to my bank username / password at any time?
No, unless they have no other option.
Most banking institutions allow our integration partners to access your data without sharing login credentials (via OAuth). If this connection method is available, our integration partners are obliged to use it.
If a banking institution does not allow OAuth connections, our integration partners will have no other alternative: your login credentials will be shared with them via an encrypted connection, encrypted at rest, and then used each time they re-synchronise your transactions.
Does LicenceOne see all of my transactions?
Our code does (temporarily), and our humans don't.
The only things that some humans at LicenceOne can see are the transactions linked to software spend, or potential software spend, and this data is only used to help us improve our service and support you (like if you ask one of our support agents "Why did LicenceOne detect a software subscription for x?").
Is my banking data encrypted?
Yes, always: In transit, and at rest. By LicenceOne, and by our integration partners.
More specifically, that means that:
When data goes from your bank to our integration partners, it's encrypted in transit
When data arrives at our integration partners, it's encrypted at rest
When data goes from our integration partners to LicenceOne, it's encrypted in transit
When data arrives at LicenceOne servers, it's encrypted at rest
What is LicenceOne technically capable to do with my banking data?
When you synchronize a bank account with LicenceOne, you only give us the technical scope to read the following data:
Your account name (e.g. "LicenceOne Current Account")
Your account type (e.g saving account, checking account etc.)
Your account transactions and related information (e.g. Transaction description, date, and amount)
To be clear, it is technically impossible for LicenceOne or any of its employees to:
Make a transaction on your behalf
Login to your bank account
Check your bank balance
See or store your bank login credentials
What do you mean by "_help us improve our service_"? That sounds fishy
Our services are improved when you sign a legally binding contract with LicenceOne to sell us your organs. OK, maybe now isn't the time to make jokes. Moving on...
When we say "help us improve our service", we mean that sometimes our bank integration partners pre-categorise transactions for us (i.e. they tell us that a transaction is related to software even if it doesn't exist in our database yet).
If that happens, we have a select few LicenceOne employees that manually verify that the transaction description matches a software subscription; then they add the identifier to our software detection database so that it can be detected for the next user.
So, no AI algorithms, no selling your data to advertisers, and manipulation: if we think a transaction might be related to software, we check if it is; and if so, we add it to our database to help the next user who comes after you.
Updated on: 22/03/2023
Thank you!