
Five questions to ask before you give an app your bank password.

~7 min read · Useful even if you decide to stick with the apps you already have

Personal-finance apps are competing hard for your data right now, and most of them ask for the same thing: your bank login. The pitch is usually some version of "connect your accounts and we'll handle the rest." Often that's fine. Sometimes it isn't. The hard part is that the trade-offs are buried inside terms-of-service documents most of us never read and aggregator agreements we don't see at all.

We build a competing product (CentProof) that deliberately doesn't do bank-login at all — it works from PDF statements you already download. So we have an obvious bias here. But the five questions below are worth asking regardless of which app wins your business, including ours. If a vendor can't give clean answers, that's worth knowing.

1. Where does my actual bank password go?

There are really only three answers, and they have very different implications:

  • Stored in the app's database. Some apps still do this, especially when they integrate with banks that don't support OAuth. Your literal bank username and password sit encrypted on the vendor's servers, and the app logs into your bank website as if it were you. This is the worst-case scenario and the one most people assume is illegal — it isn't, but it does shift legal liability for unauthorised access to you in a way most people don't realise.
  • Sent to a third-party data aggregator. You enter your bank credentials into a popup, the popup is hosted by a data-aggregator service (the same handful of companies power most consumer finance apps), and the aggregator stores either a token or your password, depending on whether your bank supports modern OAuth flows. Roughly half of US banks still don't.
  • Stored in your bank's OAuth system, never in the app. When this works, it works the way Google Sign-In does: the app gets a revocable token, your password never leaves the bank's domain, and you can disconnect from your bank's side. This is the best case. It also requires both your bank and your app to support it, which is far from universal.

The honest question to ask: which of these three is actually happening for my bank, today? The app's marketing page rarely says.
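To make the difference between answers 1 and 3 concrete, here is a small model of both designs run against the same toy bank. This is an added illustration, not CentProof's code or any vendor's; the class names, the "modern-app" identifier, the `transactions:read` scope name and the sample transactions are all assumptions. It shows the three properties the list above turns on: whether the app's own storage contains your password, whether the bank can list the app on its side, and whether disconnecting at the bank actually cuts the app off.

```python
# Added example, not CentProof's code: a toy model contrasting an app that
# stores your bank password (answer 1 in the list above) with one that holds
# a scoped, revocable OAuth token (answer 3). All names are assumptions.
import secrets
from dataclasses import dataclass, field

PASSWORD = "correct horse battery staple"  # constructed sample credential
TRANSACTIONS = [  # constructed sample statement lines
    {"date": "2026-01-03", "amount": -42.10, "payee": "GROCER"},
    {"date": "2026-01-05", "amount": 1500.00, "payee": "PAYROLL"},
]


@dataclass
class Bank:
    passwords: dict[str, str]                          # the bank knows these
    tokens: dict[str, dict] = field(default_factory=dict)  # and every token it issued

    def login(self, user: str, password: str) -> bool:
        # A password login is a full session; the bank cannot tell an app
        # logging in "as you" apart from you, so there is nothing to revoke.
        return self.passwords.get(user) == password

    def issue_token(self, user: str, app: str, scopes: set[str]) -> str:
        token = secrets.token_urlsafe(16)
        self.tokens[token] = {"user": user, "app": app,
                              "scopes": frozenset(scopes), "revoked": False}
        return token

    def connected_apps(self, user: str) -> set[str]:
        # What a "Connected Apps" page can list: token-based access only.
        return {t["app"] for t in self.tokens.values()
                if t["user"] == user and not t["revoked"]}

    def revoke_app(self, user: str, app: str) -> None:
        for t in self.tokens.values():
            if t["user"] == user and t["app"] == app:
                t["revoked"] = True

    def read_transactions(self, token: str) -> list[dict]:
        t = self.tokens.get(token)
        if t is None or t["revoked"]:
            raise PermissionError("token unknown or revoked")
        if "transactions:read" not in t["scopes"]:
            raise PermissionError("token lacks transactions:read scope")
        return list(TRANSACTIONS)


class CredentialStoringApp:  # keeps your literal bank password in its vault
    def __init__(self, bank: Bank) -> None:
        self.bank, self.vault = bank, {}

    def link(self, user: str, password: str) -> None:
        self.vault[user] = password  # encrypted at rest in practice, but present

    def fetch(self, user: str) -> list[dict]:
        if not self.bank.login(user, self.vault[user]):
            raise PermissionError("login failed")
        return list(TRANSACTIONS)  # a full session could do anything you can

    def stored_secrets(self) -> set[str]:
        return set(self.vault.values())


class OAuthApp:  # holds only a token the bank issued; never sees the password
    def __init__(self, bank: Bank) -> None:
        self.bank, self.tokens = bank, {}

    def link(self, user: str, token: str) -> None:
        self.tokens[user] = token

    def fetch(self, user: str) -> list[dict]:
        return self.bank.read_transactions(self.tokens[user])

    def stored_secrets(self) -> set[str]:
        return set(self.tokens.values())


def demo() -> dict:
    """Run both designs against the same bank and record what differs."""
    bank = Bank(passwords={"alice": PASSWORD})
    legacy, modern = CredentialStoringApp(bank), OAuthApp(bank)
    legacy.link("alice", PASSWORD)
    # In a real OAuth flow the user signs in on the bank's own domain and the
    # bank hands the app a token; the browser redirect dance is shortcut here.
    modern.link("alice", bank.issue_token("alice", "modern-app", {"transactions:read"}))
    result = {
        "password_in_legacy_app": PASSWORD in legacy.stored_secrets(),
        "password_in_oauth_app": PASSWORD in modern.stored_secrets(),
        "listed_on_bank_portal": bank.connected_apps("alice"),
        "rows_before_revoke": (len(legacy.fetch("alice")), len(modern.fetch("alice"))),
    }
    bank.revoke_app("alice", "modern-app")  # disconnect from the bank's side
    result["legacy_still_works"] = len(legacy.fetch("alice")) == 2
    try:
        modern.fetch("alice")
        result["oauth_still_works"] = True
    except PermissionError:
        result["oauth_still_works"] = False
    return result
```

Running `demo()` gives the asymmetry in one dictionary: the credential-storing app keeps working after you "disconnect" it, because from the bank's point of view it was never connected at all, only logged in as you; the token-holding app stops the moment the bank revokes the token, and it is the only one of the two the bank's portal can even show you. Answer 2 in the list (an aggregator in the middle) lands on one side or the other depending on whether your bank issues tokens.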

2. What does the "you authorised this" page in my bank's online portal say?

Most US banks have a page deep inside online banking that lists every third party currently authorised to read your account. It's usually called something like Connected Apps, Data Access, or Linked Services. It's worth finding, and it's often eye-opening — many people are surprised to discover an app they signed up for years ago still has read access to their account.

More interestingly: read what the bank actually says about that access. Most of them spell out, in plain language, that giving an aggregator your credentials shifts liability for unauthorised transactions in ways that go beyond what Regulation E protects. That's not legal advice — it's just what your own bank tells you when you read past the second paragraph.

3. Where does my transaction history actually live?

Cloud-sync apps need a place to store all the transactions they fetch on your behalf. That place is the vendor's servers — typically AWS, GCP, or Azure regions of their choosing — for as long as you have an account. Some store it in plaintext, some encrypted at rest, some claim client-side encryption with keys only you hold (read those architecture pages carefully).

The relevant question isn't which cloud they use. It's this: if their database were leaked tomorrow, would your financial history be inside it? For most cloud-sync apps the answer is yes, simply because the whole point of the service is fetching and storing that data for you. A breach affects every customer at once. Local-first apps move the data — and the breach risk — back to your own machine; the trade-off is that backups become your own problem.

4. What happens to my data if the app shuts down or gets acquired?

Consumer finance software has a long history of shutdowns, acquisitions, and pivots. A friend's favourite tool from 2018 may not exist in 2026. The relevant questions for you, the user, are practical:

  • Can you export everything? Look for a real export — CSV, OFX, QFX, JSON — not just a printable summary report. The export should include every transaction, your categorisation work, and any notes you've added.
  • Will the export still be available after the shutdown date? Most companies give 30-60 days. After that, the data goes to whoever bought the assets, or to deletion if the shutdown was clean.
  • Does the export include your bank-credential tokens? Of course not — and that's the bigger issue. Even if you save your CSV, you have to start over with a different tool, re-connect your banks, and re-do your categorisation work from scratch.

5. Can I walk away with my data — including my work — at any time?

This is question 4 phrased as a present-tense, ongoing promise instead of a hypothetical. The good vendors let you export your data at any time, in standard formats, no customer-service ticket required. That export should preserve your work, not just your raw transactions — the merchant cleanup, the categories you built, the notes you attached, the rules you wrote.

If walking away from a finance app means losing years of categorisation work, you're not really a customer — you're locked in. The simplest test: download the export today, open it, and see if you could rebuild your current workflow somewhere else if you had to. If you can't, that's worth knowing while you're still happy.
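The "download the export today and open it" test can be done by eye, but a short script makes it repeatable across apps and catches the common failure mode from question 4: a file that looks like an export but is really a summary report with your categorisation work stripped out. The checker below is an added example, not CentProof's code; the column names it expects (`date`, `amount`, `description`, `category`, `notes`) and both sample files are assumptions, so adjust the two tuples at the top to whatever your app actually emits.

```python
# Added example, not CentProof's code: a portability check for a CSV export.
# It verifies the raw transactions are present and parseable and that the
# user's own work (categories, notes) came along. Column names are assumptions.
import csv
import io

REQUIRED = ("date", "amount", "description")   # the raw transaction data
WORK_COLUMNS = ("category", "notes")           # the work you would otherwise lose

# Constructed sample: a real export, two rows categorised, one left blank.
SAMPLE_EXPORT = """\
date,amount,description,category,notes
2026-01-03,-42.10,GROCER 1234,Groceries,weekly shop
2026-01-05,1500.00,PAYROLL,Income,
2026-01-09,-12.99,STREAMCO,,
"""

# Constructed sample: a "summary report" that carries no categorisation work.
SAMPLE_SUMMARY = """\
date,amount,description
2026-01-03,-42.10,GROCER 1234
2026-01-05,1500.00,PAYROLL
"""


def check_export(csv_text: str, expected_rows=None) -> dict:
    """Return a report on whether this export would let you rebuild elsewhere."""
    reader = csv.DictReader(io.StringIO(csv_text))
    cols = reader.fieldnames or []
    rows = list(reader)
    report = {
        "rows": len(rows),
        "missing_required": [c for c in REQUIRED if c not in cols],
        "missing_work_columns": [c for c in WORK_COLUMNS if c not in cols],
        # Blank categories are not an export defect, but they tell you how
        # much of your work would actually travel with the file.
        "uncategorised": sum(1 for r in rows if not (r.get("category") or "").strip()),
        "bad_amounts": [],
    }
    for r in rows:
        try:
            float(r["amount"])
        except (KeyError, ValueError):
            report["bad_amounts"].append(r.get("description", "?"))
    # If you know how many transactions the app shows on screen, pass it in
    # so a truncated export is caught too.
    if expected_rows is not None:
        report["row_count_matches"] = len(rows) == expected_rows
    report["portable"] = (
        not report["missing_required"]
        and not report["missing_work_columns"]
        and not report["bad_amounts"]
        and report.get("row_count_matches", True)
    )
    return report


if __name__ == "__main__":
    for name, text in (("export", SAMPLE_EXPORT), ("summary", SAMPLE_SUMMARY)):
        print(name, check_export(text))
```

The summary-style file fails the check even though every transaction is in it, which is exactly the distinction question 4 draws between a real export and a printable report. Run it against the file your current app gives you while you are still a happy customer; if `portable` comes back false, you have learned something cheaply.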

What if you don't want to answer these at all?

One way to make all five questions go away is to use a finance tool that never asks for your bank credentials in the first place. We built CentProof because we wanted exactly that — a Mac app that reads the PDF statements your bank already emails you, reconciles them to the cent, and keeps everything in a local SQLite database. No bank password. No cloud sync. Local AI for questions and merchant cleanup. The trade-off is that you have to drag in a PDF once a month instead of waiting for a cloud sync to fetch it. For a lot of people, that trade-off is worth it.

Whether you end up using CentProof or not, the five questions still apply to every finance app you use. The ones that can answer them cleanly are the ones worth trusting with your money.