Security

Your data, accessed only with your permission.

Every connection is opt-in, every request is logged, and access is revocable at any point.

ISO 27001:2022 certified

Independently audited information security management

Encrypted in transit and at rest

TLS 1.2+ and AES-256 across all storage

Consent-first

No data is accessed without explicit user authorisation

Full audit trail

Every request is logged and attributable

Revocable access

Users can disconnect accounts at any time

IP allowlisting

Restrict API access to known network ranges

POPIA compliant

Aligned with South Africa Protection of Personal Information Act 2013

Scoped API keys

Keys are created with minimum required permissions

Infrastructure

BankLink connects to South African financial institutions through regulated open banking channels and secure integrations. All API traffic runs over HTTPS. Credentials are never stored in plaintext.