How your data is handled

Plain language, no fine print. What we read, what we keep, and what we will never do.

Bank access uses AIS (Account Information Services), the EU's read-only open-banking standard. What is AIS? →

We never sell or share it. Not to advertisers, not to anyone.
Read-only by design. Bank access is AIS — Account Information Services only.
Delete it anytime. Gone means gone — no "anonymized" copies.

What happens to your data, step by step

  1. You connect an inbox (and, when you want, your bank). For the bank you log in on your bank's own page — we never see your bank password.
  2. Your bank hands a regulated EU company, Enable Banking, a temporary read-only ticket (valid 90 days under PSD2). For email, you grant read-only access to receipts.
  3. FireLink reads your receipts and recent transactions, and looks for patterns — same merchant, similar amount, regular interval.
  4. When something looks like a subscription, bill or order, we clean up the name ("NETFLIX.COM AMSTERDAM" → "Netflix") and save just that: name, amount, how often, next charge.
  5. We store the detected items (and the receipt, so you can open the original bill) on EU servers, encrypted at rest. We don't build an advertising profile.
  6. You open the app and see everything you're paying for, in one place — across every inbox and bank you connected.
  7. Every 90 days the bank ticket expires — EU rule, not ours. We warn you 14 days, 7 days, and on the day. One tap to reconnect.
  8. When you leave: Delete account wipes your data and revokes the bank/email access. We don't keep summaries or analytics about you.

Honest note: we don't claim "we mathematically can't see your data." Our automated detection runs on our server, so it has to read it to work. What we promise: no person browses it, it's never sold, and you can wipe it whenever you like.

What “AIS only” means

AIS — Account Information Services is the read-only side of EU open banking (PSD2). With your consent, a licensed provider can read your account and transaction information for up to 90 days at a time. It is deliberately separate from PIS (Payment Initiation Services) — the part that can actually move money — which FireLink does not use and is not licensed for. Our provider, Enable Banking, is an authorised account-information provider regulated by Finland's financial supervisor (FIN-FSA).

Questions, answered straight

Will FireLink sell my data?

No. Our only income is people paying for the app. The moment we sold data the trust is gone and so is the business.

Will you use my data for ads?

No ads, no ad tools, no third-party trackers, no profiling. The only thing we collect beyond what you connect is crash reports, and those don't contain your receipts or transactions.

What does FireLink actually read?

Your email receipts, and — when you connect it — your bank transactions. On email we look at order/receipt/billing messages to spot recurring charges (we read, we never send or delete). On bank we read recent transactions through Enable Banking.

Can your staff see my data?

It's stored in our database, so we won't pretend it's impossible. What we promise: no person sits and reads your subscriptions, access is locked down, it's never sold or used for ads, and you can delete it anytime. We'd rather be honest than overclaim.

Is my bank password stored anywhere?

You never type it into FireLink. You log in on your bank's own page; your bank tells Enable Banking you're OK sharing transactions for 90 days. Your password stays between you and your bank.

Can FireLink move money?

No, by design. We use read-only access (AIS) — we can read transactions and balances, full stop. Moving money needs a different license (PIS) we don't have and won't get.

Why reconnect the bank every 90 days?

EU rule (PSD2), not ours. We warn you 14 days out, 7 days out, and on the day. Reconnecting is one tap.

Will my bank charge me?

No. PSD2 makes banks provide this read-only access through licensed providers for free.

Can I delete or export my data?

Yes. Disconnect any inbox or bank and the data it brought in is removed on the spot — that part is one tap, today. For a full export (JSON/CSV) or a full wipe of your account, email hello@getfirelink.app and it’s done within days, no paywall. One-tap export and delete-account are coming to the app.

Multiple banks or email addresses?

Connect as many as you want. We read receipts from every inbox and charges from every bank, and merge it all into one view.

Which banks and countries?

Enable Banking covers most major EU/EEA banks; coverage varies by country, and we show you the list before you commit.

Why not just say "we anonymize everything"?

Because receipts and transactions have merchant names in them — that's literally how we detect "Netflix." If we scrubbed the names we couldn't do the job. So we don't pretend: we store only the detected items, on EU servers, and you can wipe them anytime.

Privacy contact?

hello@getfirelink.app. To escalate, ANSPDCP (Romania's data-protection authority) takes formal complaints directly.