Is PopaDex Safe? Security, Privacy, and How Your Data Is Protected | PopaDex
Marketing Team

Our Marketing Team at PopaDex


Connecting your bank accounts to any app is a reasonable thing to worry about. You’re giving a company access to your finances. Before you do that, you should know what access they have, where your data goes, and who can see it.

This is how PopaDex handles security and privacy.

Read-only bank access

PopaDex uses open banking APIs to connect to your bank. These connections are read-only, meaning PopaDex can:

  • See your account balances
  • See your account names and types

PopaDex cannot:

  • Move money between accounts
  • Make payments or transfers
  • Change your bank settings
  • Access your bank login credentials

This is enforced at the API level by your bank and the open banking provider. PopaDex never receives your bank username or password.

How bank connections work

PopaDex connects to European banks through GoCardless (formerly Nordigen), which is a licensed Account Information Service Provider (AISP) under PSD2 regulation. For UK banks, connections go through FCA-regulated open banking.

The flow works like this:

  1. You select your bank in PopaDex
  2. You’re redirected to your bank’s own login page
  3. You authenticate directly with your bank (including 2FA if your bank requires it)
  4. Your bank grants read-only access to PopaDex through GoCardless
  5. PopaDex receives balance data, never your login credentials

This is the same framework used by accounting software, tax tools, and other financial apps across Europe.

Swiss data hosting

Your financial data is stored on servers in Switzerland. This matters for several reasons:

  • Swiss data protection law (FADP) is among the strongest in Europe
  • Switzerland is outside the EU but has an adequacy decision from the European Commission
  • Data cannot be compelled by foreign government requests without Swiss court approval
  • Physical server security meets banking standards

PopaDex does not store data in the US, which means your financial information is not subject to US surveillance programs or US-specific data laws.

Encryption

All data is encrypted:

  • In transit: TLS 1.3 between your browser, PopaDex servers, and banking APIs
  • At rest: AES-256 on all stored financial data
  • Database level: Encrypted storage with access controls

Even if someone gained physical access to a server, your data would be unreadable without the encryption keys, which are stored separately.

What PopaDex doesn’t do

Some finance apps have business models that conflict with your privacy. PopaDex avoids all of them:

  • PopaDex does not sell your financial data to advertisers, data brokers, or third parties.
  • Unlike Empower (which uses free tools to funnel users into wealth management), PopaDex’s only revenue is subscriptions. There is no advisory upsell.
  • PopaDex cannot move money. The connection is read-only at the API level.
  • Your net worth is not shared, compared, or visible to other users. There are no social features.

Comparison with other apps

| Security feature | PopaDex | Empower | Kubera | Monarch |
|---|---|---|---|---|
| Read-only access | Yes | Yes | Yes | Yes |
| Data hosting | Switzerland | US | US | US |
| Revenue model | Subscription | Advisory fees | Subscription | Subscription |
| Data selling | No | No (but advisory data retention) | No | No |
| PSD2/FCA regulated | Yes | N/A (US only) | N/A | N/A |
| Open banking | GoCardless | Plaid | Plaid | Plaid |


Common questions

Can PopaDex see my transactions?

PopaDex pulls balance data. Depending on your bank and connection type, transaction data may also be available for cash flow analysis. PopaDex never stores transaction data longer than needed for your dashboard.

What happens if PopaDex gets hacked?

All stored data is encrypted with AES-256. An attacker would see encrypted blobs, not readable financial data. Bank connections are tokenized, so PopaDex doesn’t store bank passwords. There’s nothing to steal that could be used to access your bank.

Can I delete my data?

Yes. You can delete your account and all associated data at any time. Deletion is permanent and includes all bank connection tokens, balance history, and personal information.

Does PopaDex comply with GDPR?

Yes. PopaDex complies with GDPR for EU users and the Swiss FADP. You have the right to access, correct, and delete your data.

Is the free plan less secure than Premium?

No. Security is identical across all plans. The free plan uses the same encryption, same Swiss hosting, and same read-only bank connections.
