Security & Privacy
Your money. Your data. Yours.
Endute is built on bank-regulated Open Banking. Your credentials never reach our servers, and your financial data is ours to protect, never to sell.
Four commitments, built in
The guarantees that every Endute user gets, whether you’re on a free trial or a paid plan.
Bank-grade encryption
All data in transit is protected with TLS 1.3. All data at rest is encrypted with industry-standard algorithms.
Read-only access
Endute can see your transactions. We cannot move your money, not now, not ever. The access your bank grants us is strictly read-only.
No credentials stored
Your bank login never touches our servers. You authenticate directly with your bank, and we only receive the access token your bank issues.
Two-factor authentication
Enable MFA with any authenticator app (Google Authenticator, 1Password, Authy). Free on every plan, including the free trial.
How Open Banking works
You might wonder how Endute can see your transactions without knowing your bank password. Here’s how.
- 1
Pick your bank
Choose your bank from our list. We support thousands of banks across the UK, EU, US, and Canada.
- 2
Log in with your bank
You’re redirected to your bank’s official website or app. You authenticate using your normal login. Credentials never touch Endute’s servers.
- 3
Authorise Endute
Your bank grants Endute read-only access to the data you choose to share. You can revoke access any time, from Endute or from your bank’s own app.
Open Banking is a regulated framework: PSD2 in the UK and EU, and equivalent schemes in the US and Canada. Your bank remains in control of what data is shared and for how long.
Privacy, by design
Six promises other apps can’t make
Most privacy policies are written to protect the company. Ours is written to protect you. Here’s what that looks like in practice.
We don’t sell your data.
Not anonymised, not aggregated, not ever. Our revenue is your subscription, nothing else.
We don’t show ads.
You’re the customer, not the product. No sponsored content, no targeted advertising, no ad networks.
We don’t track you across the web.
No third-party pixels, no data brokers, no behavioural profiling. The web outside Endute stays private.
We host in the EU and US.
Your financial data lives in Germany or the USA. For UK and EU users, there’s no transfer to the USA.
Our analytics are anonymous.
We use analytics to understand which features people use, not who you are. Consent-based and cookie-free where possible.
Your data, your rules.
Export it, delete it, or walk away. GDPR rights (access, rectification, erasure, portability) are enforced automatically.
For the full detail, see our Privacy Policy and Terms of Use.
Compliance & regulation
The boring-but-important stuff. Here’s the regulatory framework that keeps you protected.
Regulated connections
Open Banking via regulated providers under PSD2 and equivalent frameworks.
GDPR by design
UK GDPR and EU GDPR compliant. Your rights (access, erasure, portability) are enforced automatically, not on request.
FCA compliance
Endute will be registered as an agent of Finexer Ltd, an FCA-regulated company, for operating in the UK. Follow updates in our company news or contact us for current status.
Endute is operated by Elision Ltd, registered in England & Wales. For data-protection enquiries, see our Privacy Policy.
Security, honestly answered
The questions people actually ask before connecting their bank.
- Can Endute see my bank password?
- No. Your bank login happens on your bank’s own website or app. Endute only receives the access token your bank issues after you authenticate. Your credentials never touch our servers.
- Can Endute move my money?
- No. The access your bank grants us is strictly read-only. We can see your transactions to help you budget and track net worth. We cannot initiate transfers, payments, or any changes to your accounts.
- Where is my data stored?
- In the European Union and USA, depending on where you live. For UK and EU users, there is no data transfer to the US.
- What happens if Endute is breached?
- We follow industry-standard protections: TLS 1.3 in transit, encryption at rest, least-privilege access, and regular security reviews. In the event of a breach affecting your data, we would notify you within 72 hours as required by GDPR.
- Can I delete my data?
- Yes, at any time. From within Endute you can revoke bank connections and delete your account. Once deleted, your data is removed from our active systems per your GDPR right to erasure.
- Does Endute sell data to third parties?
- No. We do not sell data, anonymised, aggregated, or otherwise. Our revenue comes from subscriptions, not from your personal information.
- Who handles the bank connection itself?
- We use regulated Open Banking providers. These providers are supervised by banking regulators and are responsible for the secure exchange of data between your bank and Endute. We never touch your credentials.