Compliance
SOC 2
Flinks maintains SOC 2 Type II compliance, which verifies that our systems and processes meet strict standards for:
- Security — Protection against unauthorized access
- Availability — Systems are operational and accessible
- Confidentiality — Sensitive data is protected from disclosure
Encryption
In transit
All data transmitted between your systems and Flinks is encrypted using TLS 1.2+ (Transport Layer Security). This includes:
- API requests and responses
- Webhook payloads
- Flinks Connect iframe communication
At rest
All data stored by Flinks is encrypted at rest using industry-standard encryption algorithms. This applies to:
- User credentials
- Financial data (account details, transactions)
- Uploaded documents
Data privacy
Flinks adheres to strict data privacy practices to protect end-user financial information:
- Minimal data collection — We only collect and store data that is necessary to provide the requested service
- Access controls — Data access is restricted to authorized systems and personnel
- Data retention — Financial data is retained only for the duration required by your configuration
- No selling of data — Flinks does not sell end-user financial data to third parties
Frequently asked questions
Why do my users have to enter their bank password?
When using Flinks Connect (credential-based access), users enter their online banking credentials to authorize data sharing. This is a common and secure pattern used across the financial data industry. Here’s how it works:
- Credentials are encrypted in transit and at rest — they are never stored in plain text
- Credentials are never shared with your application — only the resulting financial data is delivered to you
- Flinks acts as a secure intermediary between the user and their financial institution
- Users can revoke access at any time by contacting Flinks or their financial institution