Privacy by Design, Not by Promise
Most finance apps ask you to hand over your bank login. WonderFunds takes the opposite approach: you decide what data enters the system, and we make sure nobody — including us — can link it back to you.
No Bank Connections
WonderFunds never connects to your bank's API. Instead, you upload statements (CSV or PDF) yourself. This means:
- No third-party data aggregator ever sees your credentials
- You control exactly which transactions are imported
- There is no persistent link between WonderFunds and your bank
Encrypted Identity Linking
Your financial records are not stored under your user account. Instead, they're tied to a pseudonymous data token — a random identifier with no inherent connection to your email or name.
The link between your account and your data token is protected by a two-layer encryption scheme:
- Data Encryption Key (DEK) — encrypts the mapping between your account and your data token
- Key Encryption Key (KEK) — wraps the DEK itself, adding a second barrier
Even if an attacker gained full database access, they would face two layers of encryption before they could associate any financial record with a real person.
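The two-layer scheme above, sketched as an added example (this is not WonderFunds' own code): it assumes AES-256-GCM for both layers and a KEK held outside the database, and every function, field and account name in it is hypothetical.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM is an assumed cipher; the page does not name one.
// seal() returns nonce (12 bytes) || ciphertext || tag (16 bytes).
function seal(key, plaintext, aad) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce).setAAD(aad);
  return Buffer.concat([nonce, c.update(plaintext), c.final(), c.getAuthTag()]);
}

function open(key, sealed, aad) {
  if (sealed.length < 28) throw new Error('sealed value too short');
  const end = sealed.length - 16;
  const d = createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAAD(aad).setAuthTag(sealed.subarray(end));
  // final() throws if the key, the AAD or any ciphertext byte is wrong.
  return Buffer.concat([d.update(sealed.subarray(12, end)), d.final()]);
}

// Builds the hypothetical "identity link" row stored beside the account.
// The account ID is bound as associated data, so a row copied onto another
// account fails authentication instead of silently re-pointing the link.
function createLink(kek, accountId) {
  const dataToken = randomBytes(16).toString('hex'); // random, pseudonymous
  const dek = randomBytes(32);
  const aad = Buffer.from(accountId);
  const row = {
    accountId,
    wrappedDek: seal(kek, dek, aad), // outer layer: KEK wraps the DEK
    sealedToken: seal(dek, Buffer.from(dataToken), aad), // inner layer: DEK hides the mapping
  };
  return { row, dataToken }; // financial records are keyed by dataToken only
}

// Resolving the link needs the KEK, assumed to live outside the database.
function resolveToken(kek, row) {
  const aad = Buffer.from(row.accountId);
  const dek = open(kek, row.wrappedDek, aad);
  return open(dek, row.sealedToken, aad).toString('utf8');
}

// Constructed demo values, not real identifiers.
const demoKek = randomBytes(32);
const { row: demoRow, dataToken: demoToken } = createLink(demoKek, 'acct-1001');
console.log(resolveToken(demoKek, demoRow) === demoToken);
```

A database dump contains only `accountId`, `wrappedDek` and `sealedToken`; without the KEK neither layer opens, and the transaction tables reference nothing but the random token.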
Tip
You can export all of your data at any time from Settings → Data Export. The export includes every transaction, category, and tag in a portable JSON format.
Raw File Deletion
When you upload a bank statement, WonderFunds parses it immediately, extracts the individual transactions, and then permanently deletes the original file. No CSV or PDF is ever stored long-term. Only the structured transaction data (date, merchant, amount, category) remains.
What We Store — and What We Don't
| Stored | Never Stored |
|---|---|
| Merchant name | Bank login credentials |
| Transaction amount | Account numbers / IBANs |
| Date & category | Your real name in data tables |
| Pseudonymous data token | Raw uploaded files |
GDPR Compliance
WonderFunds is built and hosted in the EU. You have the right to access, correct, and delete all of your data at any time. Deleting your account removes every record — financial data, categorization rules, and the encrypted identity mapping.
Warning
Account deletion is permanent and irreversible. Once confirmed, all financial data, custom rules, and AI-learned patterns are erased. Make sure to export your data first if you need a copy.
Our Commitment
We believe financial privacy is a right, not a premium feature. Every plan — including Free — benefits from the same encryption, file deletion, and pseudonymous architecture described above.