Our Privacy Approach
WonderFunds is built with a privacy-first architecture. We never connect to your bank, we encrypt the link between your identity and your financial data, and we comply fully with GDPR.
No Bank Connections
Unlike many finance apps, WonderFunds never connects to your bank account. You are always in control:
- You export statements from your bank and upload them to WonderFunds
- We never have your bank credentials
- We never access your bank account directly
- No third party can pull your financial data through us
Why this matters: Even if WonderFunds were compromised, attackers could not access your bank account because we never have that access in the first place.
Encrypted Identity Linking
WonderFunds uses a two-layer encryption system to protect the link between your identity and your financial data:
- Your account (email, name, password) is stored in the users table
- Your financial data (transactions, categories, sources) is stored separately, linked only by an encrypted token
- The encryption key that connects them is never stored in the database
This means that even a complete database breach would not reveal which financial data belongs to which user.
What We Store vs. What We Don't
| Data | Stored |
|---|---|
| Transaction amounts | Yes |
| Merchant names | Yes |
| Transaction dates | Yes |
| Categories you assign | Yes |
| Bank account numbers | No |
| IBANs | No |
| Card numbers | No |
| Raw uploaded files | Deleted after parsing |
| Your bank credentials | Never collected |
GDPR Compliance
As a German company, WonderFunds fully complies with the EU General Data Protection Regulation:
- Right of access: Export all your data from Settings
- Right to erasure: Delete your account and all data from Settings
- Right to portability: Export your data in CSV format
- Data minimization: We only collect what's needed to provide the service
Data Breach Protection
Even in the worst case of a data breach:
- Financial data cannot be linked to user identities without the encryption key
- No bank credentials are stored (we never have them)
- No bank account numbers or IBANs are stored
- Passwords are hashed with bcrypt (cannot be reversed)
Account Deletion
You can delete your account at any time from Settings > Data & Privacy:
- Click Delete Account
- Confirm the deletion
- All your data is permanently removed, including the encryption key that links your identity to your financial data (crypto-shredding)
Warning: Account deletion is irreversible. All your transactions, categories, rules, and settings will be permanently deleted.
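The identity linking, breach view and crypto-shredding described above, as an added example that is not WonderFunds' own code: an in-memory model in which the users table, the financial rows and a per-user key store are kept apart. Python's standard library has no AES, so the link token is derived with HMAC under the per-user key instead of being encrypted (an assumed substitute); the table and function names and the sample users are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stand-in for the stores described on this page; not
# WonderFunds' own code. The standard library has no AES, so the link token is an
# HMAC-derived pseudonym (assumed substitute for the encrypted token). The property
# shown is the same: the link exists only while a per-user key that never lives in
# the database is available.
USERS = {}       # users table: email -> profile; holds no link token at all
FINANCE = []     # financial data: rows carry only the opaque token
KEY_STORE = {}   # per-user keys; assumed to sit outside the database (e.g. a KMS)

def link_token(email: str) -> str:
    """Rebuild the opaque token tying a user to their rows; impossible without the key."""
    key = KEY_STORE.get(email)
    if key is None:
        raise LookupError("no key for user: link is unrecoverable")
    return hmac.new(key, email.encode(), hashlib.sha256).hexdigest()

def register(email: str, name: str) -> None:
    USERS[email] = {"name": name}
    KEY_STORE[email] = secrets.token_bytes(32)   # key store, never the database

def add_transaction(email: str, merchant: str, amount_cents: int) -> None:
    FINANCE.append({"token": link_token(email), "merchant": merchant, "amount": amount_cents})

def transactions_for(email: str) -> list:
    token = link_token(email)
    return [row for row in FINANCE if row["token"] == token]

def breach_view() -> dict:
    """What a full database dump exposes: profiles and rows, but never KEY_STORE,
    so nothing in it says which rows belong to which profile."""
    return {"users": dict(USERS), "finance": [dict(row) for row in FINANCE]}

def delete_account(email: str) -> None:
    """Erase the rows and the profile, then the key: crypto-shredding, so even a
    backup of FINANCE taken earlier can never be tied back to this user."""
    token = link_token(email)
    FINANCE[:] = [row for row in FINANCE if row["token"] != token]
    USERS.pop(email)
    KEY_STORE.pop(email)
```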