Budget in Confidence: How BudgetBakers Ensures Data Security

Around the world, hundreds of thousands of individuals and client companies trust BudgetBakers to provide secure, PSD2-compliant financial data management solutions, including consumer-facing and white-label apps, Open Banking APIs and machine-learning-based transaction labeling solutions. Trust is earned through long experience, and maintained by an ever-evolving information security management system. This system comprises client-facing documentation and instruction, auditing, robust technical security solutions, and strict internal policies that maintain a high level of security awareness.


ISO certified

PCI DSS compliant

BudgetBakers is a world-leading PSD2 (Revised Payment Services Directive) licensed financial information services provider, operating under the strict oversight of the Czech National Bank and EU regulators. BudgetBakers is ISO 27001 certified in the scope of “developing, managing, and providing financial IT services”, as well as PCI DSS compliant, which represents a guarantee of high-security requirements and standards.

Data Storage and Credential Management

BudgetBakers employs a series of redundant encryption layers as well as one-way key encryption to protect your most valuable data. All communication is done via TLS-encrypted channels. At no time and in no database are client credentials stored in any form of plaintext document, nor are they readable or otherwise accessible to our staff, nor are they accessible at any time to any third party or non-banking entity, to either read or use for any purpose. Our strict data management processes ensure that even in the unlikely event of a breach of our security, either physical or through cyberattack or cyber warfare, client data remains completely inaccessible and unreadable to any party not expressly authorized by you.

Our Infrastructure Security

Strong data security practices go beyond technological methods and practices. Most major data breaches occur because of flaws in security processes and so-called “social engineering” attacks.

BudgetBakers protects against these sorts of attacks by using strict security standards and limiting the possible access points to customer data. Our databases are maintained using Microsoft’s Azure Cloud, known for its world-class physical and digital security. No employee, not even our top security developers, has direct access to customer data. All access to our systems requires multi-factor authentication, and there are no “super admin” user accounts that have privileged access to customer data.

BudgetBakers is subject to strict regular security audits and penetration tests in order to identify all possible risk factors to our digital network, our physical systems, an

General Data Protection Regulation (GDPR)

BudgetBakers handles personal data of end-customers located in over 80 countries, including individuals residing within the EU. Regardless of where our customers are physically located, we are legally and ethically obligated to maintain the high standards of data security and privacy mandated under the General Data Protection Regulation (GDPR) of the European Union. GDPR, a regulation set forth by the European Commission, Parliament, and Council of Ministers of the European Union, strictly protects the personally identifiable and private data of all customers of European companies, regardless of their locations or citizenships. As such, all customers and users of BudgetBakers’ products and services are protected by this regulation, which requires that BudgetBakers be specifically and expressly authorized by the customer for each possible use of a customer’s private and personally identifiable information, and that customers may at any time, and for any reason, withdraw any such authorization and have their data permanently deleted from our systems in a timely manner.

Revised Payment Services Directive (PSD2)

BudgetBakers is licensed by the Czech National Bank (ČNB) as a Financial Information Services Provider in the European Union. This means that BudgetBakers meets the very stringent standards of the national banks of the EU for handling confidential customer financial data, with security practices, policies, business practices and capabilities comparable to those of any licensed financial information services provider.

ISO/IEC 27001:2013

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. Being ISO 27001 certified in the scope of “developing, managing, and providing financial IT services”, BudgetBakers demonstrates that its services meet the expectations of its customers and that the data is handled in accordance with the highest international security requirements and standards.

How it works