Technology · 8 April 2026 · Updated 9 Apr · 5 min read

Is Steady Safe? How We Protect Your Financial Data

"Is it safe to connect my bank?" — the #1 question we get. Here's exactly how Steady protects your data (AES-256, NZ Privacy Act, read-only).

Illustration of a padlock and shield protecting a NZ bank-data connection

"Is it safe to connect my bank account to an app?" It's the most common question we get — especially from people exploring automatic spending tracking. Here's the honest, detailed answer.

How Steady connects to your bank

Steady uses Akahu — New Zealand's regulated open banking platform. Here's what that means:

Your bank login stays with Akahu

When you connect your bank in Steady, you're redirected to Akahu's secure page. You log in there. Steady never sees, stores, or has access to your bank password. Period.

Read-only access

Steady can see your account balances and transaction history. It cannot make payments, move money, or change anything in your bank accounts. It's like looking through a window — you can see in, but you can't reach through.

Revoke anytime

You can disconnect your bank from Steady at any time in Settings. This immediately revokes Akahu's access to your accounts. You can also revoke access directly at my.akahu.nz.

Encryption

In transit

All data between your phone, Steady's servers, and Akahu is encrypted with TLS (the same encryption your bank uses). Nobody can intercept your data in transit.

At rest

Sensitive data (like OAuth tokens) is encrypted with AES-256-GCM — the same standard used by governments and banks. Even if our database were somehow accessed, the encrypted data would be unreadable.
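
One way to implement the at-rest protection described above, as an added example that is not Steady's own code. The key handling, the `sealToken`/`openToken` names and the stored layout are assumptions; the point is that AES-256-GCM both hides the token and rejects a row that was altered or copied to another user.

```javascript
// Added example (not Steady's code): sealing an OAuth token with AES-256-GCM.
const nodeCrypto = require('node:crypto');

// Assumption: in production the 32-byte key lives in a KMS or secret store
// that is separate from the database. It is generated here so the demo runs.
const KEY = nodeCrypto.randomBytes(32);

// Encrypt one token. The user id is bound in as additional authenticated
// data (AAD), so a ciphertext copied onto another user's row will not decrypt.
function sealToken(key, userId, token) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(userId, 'utf8'));
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  // Stored layout (hypothetical): iv (12 bytes) || tag (16 bytes) || ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt and authenticate. Returns null on a wrong key, wrong user id,
// modified bytes or a truncated value, never partially decrypted data.
function openToken(key, userId, stored) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) return null; // too short to hold iv + tag
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(userId, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // authentication failed
  }
}

// Flip one bit in the stored value, as an edited or corrupted row would have.
function tamper(stored) {
  const raw = Buffer.from(stored, 'base64');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('base64');
}

const SAMPLE_TOKEN = 'constructed-sample-token-123'; // constructed, not a real token
const sealed = sealToken(KEY, 'user-1', SAMPLE_TOKEN);
console.log('right user :', openToken(KEY, 'user-1', sealed));
console.log('other user :', openToken(KEY, 'user-2', sealed));
console.log('tampered   :', openToken(KEY, 'user-1', tamper(sealed)));
```

The database row alone is unreadable only while the key is kept somewhere else; a key stored beside the ciphertext gives no protection against a database leak.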

NZ regulations

Privacy Act 2020

Steady complies with the New Zealand Privacy Act 2020. You have the right to:

  • Know what data we hold about you
  • Request a copy of your data (Settings → Export)
  • Request deletion of all your data (Settings → Delete Account)
  • Complain to the Privacy Commissioner if you believe your privacy has been breached

FMA oversight

Akahu operates under the Financial Markets Authority (FMA) framework. As NZ transitions to official regulated open banking, Akahu is leading the compliance work.

What about AI?

When you use Steady's AI assistant, financial context is sent to Anthropic's Claude API:

  • Spending totals and categories
  • Recent transactions (merchant + amount)
  • Goals and bills

What is NOT sent:

  • Your name or email
  • Bank account numbers
  • Your bank login credentials

Anthropic does not train on data sent via their API.
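
The two lists above can be enforced in code rather than by convention. This added example (not Steady's code; the record shape, field names and helper names are assumptions) builds the AI context from an allow-list, scrubs identifiers that slip into free-text merchant strings, and checks the outgoing payload before it is sent.

```javascript
// Added example (not Steady's code): allow-list builder for the AI context.
// NZ bank account numbers have the form BB-bbbb-AAAAAAA-SS(S).
const NZ_ACCOUNT = /\b\d{2}-\d{4}-\d{7}-\d{2,3}\b/g;
const EMAIL = /[^\s@]+@[^\s@]+\.[^\s@]+/g;

// Free-text fields can carry identifiers even when the structured ones are dropped.
function scrub(text) {
  return String(text).replace(NZ_ACCOUNT, '[account]').replace(EMAIL, '[email]');
}

// Copy only the fields the page lists as sent; everything else is never read.
function buildAiContext(user) {
  return {
    spendingByCategory: { ...user.spendingByCategory },
    recentTransactions: user.transactions.slice(0, 20).map((t) => ({
      merchant: scrub(t.merchant),
      amount: t.amount,
    })),
    goals: user.goals.map((g) => ({ name: scrub(g.name), target: g.target })),
    bills: user.bills.map((b) => ({ name: scrub(b.name), amount: b.amount })),
  };
}

// Pre-send gate: returns every known identifier found in the outgoing JSON.
// A non-empty result means the request should be blocked and logged.
function findLeaks(payload, user) {
  const json = JSON.stringify(payload);
  const needles = [user.name, user.email, ...user.accounts.map((a) => a.number)];
  return needles.filter((n) => json.includes(n));
}

// Constructed sample record; every value is made up.
const SAMPLE_USER = {
  name: 'Aroha Example',
  email: 'aroha@example.com',
  accounts: [{ number: '01-0123-0123456-00', balance: 1520.4 }],
  spendingByCategory: { groceries: 412.5, transport: 96 },
  transactions: [
    { id: 't1', merchant: 'Corner Dairy', amount: -8.2, accountNumber: '01-0123-0123456-00' },
    { id: 't2', merchant: 'Transfer to 01-0123-0123456-00', amount: -200 },
  ],
  goals: [{ name: 'Holiday', target: 3000 }],
  bills: [{ name: 'Power', amount: 140 }],
};

const context = buildAiContext(SAMPLE_USER);
console.log(JSON.stringify(context, null, 2), findLeaks(context, SAMPLE_USER));
```

The regular expressions cannot recognise a person's name inside a payee string, which is why `findLeaks` runs on the final payload as a separate check.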

What we don't do

  • We never sell your data
  • We never share individual data with advertisers
  • We never access your bank credentials
  • We never make payments from your accounts
  • We never store your data outside of encrypted databases

The bottom line

Steady is as safe as your banking app. We use the same encryption standards, we're regulated by the same NZ authorities, and we give you full control to export or delete your data at any time. The only difference is that Steady can see across all your banks — giving you a complete financial picture in one place. Read more about how open banking works in NZ, or see all Steady's features and security details.

Frequently Asked Questions

How does Steady connect to my bank?

Steady uses Akahu, NZ's regulated open-banking provider, to securely access your transaction data. You authorise the connection through your bank's official login — Steady never sees your bank password. The connection is read-only; we cannot move money or make payments.

Can Steady access my bank password?

No. Open banking is designed so apps never see your bank credentials. You log in directly with your bank during the connection flow, and your bank issues a token that lets Steady read your data without ever transmitting your password.

Is my data shared with anyone?

Your financial data is never sold, shared with advertisers, or used for marketing. We send minimal financial context (balances, recent transactions, goals) to Anthropic when you use Ask Steady, with no personally identifiable information. Full details are at steady.nz/legal/privacy.

Can I revoke Steady's access to my bank?

Yes, anytime. You can disconnect the bank from within Steady, revoke access from your Akahu dashboard, or contact your bank directly. Revocation takes effect immediately — Steady stops receiving any new transaction data.

What happens to my data if I cancel Steady?

You can export all your data at any time from Settings → Data Export. When you delete your account, your data is permanently removed from our database within 30 days. Backups are purged within 90 days.

Written by Sam Wilson

Founder, Steady

Sam is a New Zealand founder building Steady — a personal finance app designed for Kiwis, integrated with every major NZ bank via Akahu. He writes about money, bank integrations, and what actually works for everyday New Zealanders.
