Security · Privacy

Trust & Security

How Lait protects your money and your data, in plain language. No jargon, no certifications we do not hold, no fine print that contradicts this page.

Read-only accessPSD2 / AISPGDPREU-hostedAES-256

How we protect you

Read-only by design

Bank connections use PSD2 read-only access. We can never move, transfer, or spend your money.

Encrypted end to end

AES-256 at rest, TLS 1.3 in transit. Exchange API keys are encrypted and never returned in responses.

Secure sign-in

Authentication is handled by Clerk. You only ever see your own data.

Your data stays in the EU

Hosted on Neon (EU Postgres) and Vercel (EU edge), with full GDPR rights.

We never sell your data

No advertisers, no data brokers, no profiling, no credit scoring. Ever.

The difference

We tell you when a sync breaks

When a connection breaks or a consent is about to expire, we surface the real error instead of letting your numbers go stale in silence. You always know whether what you are looking at is live.

Revolut · sync failed

Consent invalid · 401 Unauthorized

The exact alert you would see.

Built on

The infrastructure behind Lait — chosen for security and EU data residency, not just convenience. The full list of processors, with each one’s purpose, lives in our Privacy Policy.

Enable BankingRegulated AISP

Read-only bank connections under PSD2

SnapTrade

Read-only brokerage connections

Clerk

Authentication & secure sign-in

Neon

EU-hosted Postgres database

Vercel

EU hosting · cookieless analytics

Sentry

Error & uptime monitoring

Optional AI — private by default

AI features are optional and opt-in. When you use them, we send only the minimum context needed — never your credentials, and never for advertising or profiling. You can use Lait completely without ever touching AI.

OpenAI

Transaction insights & advisor

Anthropic

AI advisor (Claude)

Google Gemini

Research & translation

In detail

Read-only Open Banking (PSD2)

When you connect a bank account, Lait uses Enable Banking as its licensed Account Information Service Provider (AISP) under PSD2. The connection is read-only by law and by design. We can see balances and transactions to build your dashboard, but we can never initiate a payment or move your funds. You authorize every connection through your own bank's login and consent screen. We never see or store your banking password. Consent is valid for up to 90 days, and we never renew it without you explicitly re-authorizing.

Encryption & credentials

Your data is encrypted at rest with AES-256 and in transit with TLS 1.3. Crypto-exchange API keys you provide are encrypted before storage and are never exposed in any API response. Where supported, we ask only for read-only exchange keys, so even a leaked key could not move your assets.

Authentication & access control

Sign-in is managed by Clerk, a dedicated authentication provider. Each account can access only its own data. There is no shared view. Administrative access is restricted to the platform operator, for support and maintenance only.

Where your data lives (GDPR)

All data is hosted on European infrastructure: a Neon Postgres database in the EU and the Vercel EU edge network. As a European service we comply with the GDPR. You can access, correct, export, or delete your data at any time, and revoke any bank or exchange connection from Settings. To exercise any right, write to privacy@lait.finance.

We never sell your data

Your financial data is used only to build your portfolio, categorize your transactions, and power features you asked for. We do not use it for advertising, profiling, or credit scoring, and we do not sell, rent, or share it with advertisers or data brokers. The only processors we use are the ones strictly needed to run the service: Clerk (sign-in), Enable Banking (Open Banking), SnapTrade (brokerage connections), Neon (database), Vercel (hosting, plus cookieless analytics and performance metrics), the AI providers behind our optional AI features — OpenAI, Anthropic, and Google (Gemini) — and Sentry for error monitoring. Each is listed, with its purpose, in our Privacy Policy.

Questions?

Security questions, data requests, or you just want to dig deeper? Write to a real person.