🛡️ Security First

Your financial data,
protected at every layer

We handle some of your most sensitive data. Here's exactly how we protect it — no vague corporate promises, just the real technical truth.

🔐

AES-256 Encryption

All bank statement data stored in our system is encrypted at rest using AES-256, the same standard used by banks and governments worldwide.

🌐

TLS in Transit

Every byte transmitted between your browser and our servers travels over TLS (HTTPS) encryption. Your data is never sent in plain text.

🏦

No Bank Link Required

We never ask for your internet banking credentials. Banksee works exclusively with file uploads — which means we can't access your accounts even if we wanted to.

🚫

Zero Data Sales

We do not sell, rent, or broker your financial data. Period. Our only source of revenue is your subscription fee — not your data.

👤

Strict Access Controls

Your data is isolated to your account. Our engineering team follows least-privilege access principles and all access to production data is logged and audited.

🔑

Secure Password Hashing

Your passwords are never stored in plain text. We use bcrypt hashing with salt to ensure even a breach cannot expose your credentials.

Transparency

Banksee vs. other financial apps

❌ Apps That Link to Your Bank          | ✅ Banksee
⚠️ Requires your banking login         | File upload only — no credentials
⚠️ Holds live access to your accounts  | Read-only, no live bank connection
⚠️ Can become a breach point           | No credentials stored to steal
⚠️ Data used for ads & profiling       | Data used only to serve YOU
⚠️ Third-party API risk                | You control what you upload

Technical Detail

Security architecture

Authentication

Session Security

Encrypted PHP sessions with HttpOnly, SameSite, and Secure cookie flags. Sessions expire automatically after inactivity.
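As an added example (not Banksee's own code), this is how the cookie flags and inactivity expiry described above are applied in a PHP session bootstrap; the 15-minute limit and the function names are assumed for illustration.

```php
<?php
// Added example, not Banksee's code. Session bootstrap applying the cookie
// flags named above plus an inactivity timeout. INACTIVITY_LIMIT is assumed.
declare(strict_types=1);

const INACTIVITY_LIMIT = 15 * 60; // seconds; assumed, not Banksee's setting

function startHardenedSession(): void
{
    // Secure: cookie only sent over HTTPS. HttpOnly: not readable from
    // JavaScript, so a script injection cannot read it. SameSite=Strict:
    // the browser omits the cookie on cross-site requests, which also
    // blunts cross-site request forgery.
    session_set_cookie_params([
        'lifetime' => 0,       // discarded when the browser closes
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    // Accept only server-generated IDs and only from cookies (no URL IDs).
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    session_start();

    $now = time();
    if (isset($_SESSION['last_activity'])
        && $now - $_SESSION['last_activity'] > INACTIVITY_LIMIT) {
        // Idle too long: wipe server-side state and issue a fresh ID,
        // deleting the old session record.
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['last_activity'] = $now;
}

function loginUser(int $userId): void
{
    // Rotate the ID on authentication so a pre-login ID never becomes an
    // authenticated one (defends against session fixation).
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

function currentUserId(): ?int
{
    return $_SESSION['user_id'] ?? null;
}
```

Call startHardenedSession() before any output on every request; the cookie parameters only take effect if set before session_start().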

Authentication

Login Protection

Accounts are locked after repeated failed login attempts, and brute-force protection is built into our authentication system.

Payments

PayFast Integration

All payments processed by PayFast, a PCI-DSS compliant South African payment gateway. Banksee never sees your card number.

Input

CSRF Protection

All sensitive form submissions are protected with CSRF tokens to prevent cross-site request forgery attacks.

Files

File Validation

Uploaded files are validated for type, size, and content. Only PDF and CSV formats are accepted. Files are stored outside the web root.

Database

SQL Injection Prevention

All database queries use prepared statements and parameterised queries to prevent SQL injection attacks.

Headers

Security Headers

X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, and Referrer-Policy headers are set on all responses.

AI

AI Data Handling

Transaction data sent to AI APIs is minimised and anonymised where possible. No personal identifiers are transmitted beyond what's needed for analysis.

🐛 Found a Security Issue?

We take vulnerability reports seriously. If you discover a security issue, please disclose it responsibly. We promise to respond quickly and never take legal action against good-faith researchers.

Report a Vulnerability →