Connecting your money to an app is a big ask. Here's exactly how we keep it safe, in plain English.
The 60-second version
If you connect a bank, Bearings uses open banking, a secure, regulated way to share read access to your account information. That means Bearings can read your transactions and balances to do its job, and nothing else. Only a different kind of provider (a payment initiator) can move money, and Bearings is not one. It is information-only, by design.
You can also use Bearings with no bank connection at all. Upload a statement or type your balance. Plenty of people start that way.
When you connect, you're handed to your bank's own secure login page to approve the connection. Bearings never sees, asks for, or stores your banking password or security codes. Your consent lasts up to 90 days before your bank asks you to renew it, and you can disconnect at any time, from Bearings or from your bank's app.
Bearings makes money from subscriptions, not from advertising and not from your data. We have never sold, and will never sell, your personal data. That includes “anonymised” or aggregated transaction data, which is the loophole some free apps rely on. We don't.
Your data is encrypted both in transit (TLS) and at rest (AES-256) by our infrastructure providers. Bearings is built on Supabase and Cloudflare, platforms that are independently SOC 2 audited, and access to your data is locked to your account at the database level, so one user can never see another's information. We collect only what we need to run the app for you.
Where you connect a bank, that connection is provided through TrueLayer, an open banking provider authorised and regulated by the Financial Conduct Authority (FCA reference 901096). Bearings itself is not a bank and is not an FCA-authorised firm. It is a budgeting and information tool that reads your data through that regulated connection. Bearings is also not a financial adviser; figures like Safe-to-Spend are estimates to help you think, not regulated advice.
We handle your personal data in line with UK GDPR. See our Privacy Policy for the detail.
From Settings you can download a complete copy of everything we hold about you, or permanently delete your account and all your data, with no email and no waiting. More on your rights is in our Privacy Policy.
If a data breach ever affects your information, we'll tell you and the ICO promptly, in line with our legal duty to report within 72 hours of becoming aware, and explain what happened and what to do.
Found a vulnerability? Please tell us at security@bearings.money. We welcome good-faith research and won't pursue legal action against researchers who act responsibly, avoid privacy violations and data destruction, and give us a reasonable chance to fix the issue before disclosing it.
Anything else, reach us at hello@bearings.money.