Looks very promising! However I'm really concerned about the security part. Entering my credentials to all my financial platforms doesn't look very secure. Also how do you handle GDPR concerns by storing users' credentials to financial platforms without using any integrations instead? How do you make sure credentials are stored securely and they won't be compromised locally or externally? I can see a huge risk if all that data gets leaked somewhere!
* Edit (reply): Since I didn't receive the reply on LinkedIn I'll share my observations here, publicly. So, you're using the platform flanks.io for accessing your users banks and other financial platforms. There's not much about this company on the internet. On their website I can see their security whitepaper, but no information about any security certification or something what could improve trust, just a plain blabla data. No 3rd party audits, nothing. Me and you don't even know how their infrastructure is really set up and how they handle the data. They state that they use only read-only access to users financial platforms. Upon entering my Revolut credentials only after I've realized I gave my pin code to the app to them and authorized a device (firefox instance) to access my Revolut account. Even if they state it's read-only, having access to my Revolut account, storing my PIN code and having their device added into my account's authorized device list isn't very secure. IF someone at flanks.io (some angry engineer) or someone outside gets access to their servers they can freely access any user's financial platforms not just in read-only format. Having authorized device and knowing the pin code allows the attacker to use your account however they want. They can even change the pin code, take the loan and transfer money to themselves. It sounds really convenient and easy, the service you provide. But giving out security to some 3rd party provider (flanks.io) and vouching for it's security (without any ISO certification or independent audit) is very brave statement. You don't even have any CISO or security personnel on your side (at least I couldn't find any). So from my POV giving out users financial platforms access so easily is a huge security risk. I wonder what will happen and how you're going to mitigate consequences of data breach, which could end up with financial platforms credentials of thousands of people on darknet. Anyone who's considering using this platform - please make sure you know what you're doing and you're ok with such a huge risk.
