Please know that we've honestly tried our best to simplify the following article; however, in the interest of transparency, we wanted to go into a little more detail than usual.


How does LicenceOne connect to my bank?

At LicenceOne we decided to leave bank integrations to the tried, tested, and certified experts: BridgeAPI, Plaid and Nordigen.

When you add your bank as a data source, you will be redirected to our integration partner's interface to link your bank account and authorise LicenceOne access to the transaction data that our integration partner safely recuperated.


How does LicenceOne analyse my transactions?

  1. LicenceOne sends a request to our banking integration partners asking them to provide us with your bank transactions via an encrypted connection

  2. Once received, our algorithm compares each transaction against our database of applications that we can detect

  3. If a transaction matches an application in our database, we add it to your LicenceOne account and track it

  4. Our bank integration partners automatically categorise transactions for us. If they categorise a transaction as something like "software", we add it to a queue for a LicenceOne employee to double-check and verify if it's a software subscription

  5. If the LicenceOne employee verifies that it's a software subscription, we add it to your LicenceOne account and track it

  6. If a transaction doesn't match an application in our database and/or is rejected by a LicenceOne employee, we do nothing. That transaction is never saved nor stored in any database, nor is it used to improve some mysterious AI / machine learning algorithm

So that's it. We genuinely don't do anything else with your transaction data outside of some anonymised internal reporting (e.g. We have a report that indicates the "Amount of software spend tracked in LicenceOne").


Who are LicenceOne integrations partners, and what certification and regulations apply to them?

We have two bank integration partners:

  1. BridgeAPI - Used for our French banking integrations

  2. Plaid - Used for our North American banking integrations

  3. Nordigen - Used European Economic Area integrations

Both partners have gone through extensive certification and regulatory processes.

BridgeAPI

  • Are accredited by the French central banking authority to provide bank aggregation services in France, Germany, Spain, and the Netherlands (see here)

  • The provider of choice for companies like Sage, Cedgid and Experian

Plaid

  • Are ISO 270001, ISO 27701 and SOC 2 certified (see here)

  • The provider of choice for companies like Wise, Venmo, Expensify and Wave.

Nordigen

  • Are accredited by the Latvian Financial and Capital Market Commission to provide bank aggregation services in the European Economica Area (see here)

  • Are ISO 27701 certified

  • The provider of choice for companies like Entercard, Creditstar, and Authologic

In short, we didn't want to mess around so we chose the best.


Does LicenceOne have access to my bank username / password at any time?

No. It is impossible (technically and legally) for LicenceOne to see or access your bank username and password.


Do LicenceOne's banking integration partners have access to my bank username / password at any time?

No, unless they have no other option.

Most banking institutions allow our integration partners to access your data without sharing login credentials (via OAuth). If this connection method is available, our integration partners are obliged to use it.

If a banking institution does not allow OAuth connections, our integration partners will have no other alternative: your login credentials will be shared with them via an encrypted connection, encrypted at rest, and then used each time they re-synchronise your transactions.


Does LicenceOne see all of my transactions?

Our code does (temporarily), and our humans don't.

The only things that some humans at LicenceOne can see are the transactions linked to software spend or potential software spend, and this data is only used to help us improve our service and support you (like if you ask one of our support agents "Why did LicenceOne detect a software subscription for x?").


Is my banking data encrypted?

Yes, always: In transit, and at rest. By LicenceOne, and by our integration partners.

More specifically, that means that:

  • When data goes from your bank to our integration partners, it's encrypted in transit

  • When data arrives at our integration partners, it's encrypted at rest

  • When data goes from our integration partners to LicenceOne, it's encrypted in transit

  • When data arrives on LicenceOne services, it's encrypted at rest


What is LicenceOne technically capable to do with my banking data?

When you synchronise a bank account with LicenceOne, you only give us the technical scope to read the following data:

  • Your account name (e.g. "LicenceOne Current Account")

  • Your account type (e.g saving account, checking account etc.)

  • Your account transactions and related information (e.g. Transaction description, date, and amount)

To be clear, it is technically impossible for LicenceOne or any of its employees to:

  • Make a transaction on your behalf

  • Login to your bank account

  • Check your bank balance

  • See or store your bank login credentials


What do you mean by "help us improve our service"? That sounds fishy

Our services are improved when you sign a legally binding contract with LicenceOne to sell us your organs. OK, maybe now isn't the time to make jokes. Moving on...

When we say "help us improve our service", we mean that sometimes our bank integration partners pre-categorise transactions for us (i.e. they tell us that a transaction is related to software even if it doesn't exist in our database yet).

If that happens, we have a select few LicenceOne employees that manually verify that the transaction description matches a software subscription; then they add the identifier to our software detection database so that it can be detected for the next user.

So no AI algorithms, no selling your data to advertisers, and manipulation: if we think a transaction might be related to software, we check if it is; and if so, we add it to our database to help the next user that comes after you.

Did this answer your question?