Every day, someone downloads Finanjo, looks at the screen asking them to connect their bank account, and pauses. The message I get most from new users isn’t a feature request or a complaint. It’s a question.
“Is this actually safe? Should I really be connecting my bank account to an app?”
It’s a fair question. A smart question, actually. You should ask it before connecting your financial data to anything. So let me answer it properly – not with PR language, but with the actual mechanics of how this works and why I built Finanjo on this framework.
To understand why AA is safe, you need to understand what came before it. And what came before it was genuinely not safe.
Before the Account Aggregator framework, if a finance app wanted to access your bank data, there were really only two ways to do it:
That second method, screen scraping, was the dirty secret of the fintech industry for years. Apps like Mint in the US, and several Indian equivalents, were built entirely on it. You trusted them with your password because there was no other option.
The Account Aggregator framework was built specifically to end this. It is India’s answer to the screen scraping problem – and it is a far better answer than what most developed countries have come up with.

An Account Aggregator is an RBI-licensed entity. Not an app, not a startup – a specifically licensed category of financial intermediary, regulated under the NBFC-AA Master Directions 2016 issued by the Reserve Bank of India.
The framework was created through a joint decision by five of India’s most powerful financial regulators: RBI, SEBI, IRDAI, PFRDA, and FSDC. That’s the central bank, the securities regulator, the insurance regulator, the pension fund regulator, and the financial stability council – all five aligned on a single consent-based data architecture. That kind of regulatory coordination is rare. It reflects how seriously this infrastructure was designed.
Think of the AA as a secure pipeline. It sits between your bank (which holds your data) and the app you want to use (which needs your data to serve you). It does one job: carry your data from source to destination, with your explicit consent, in fully encrypted form. That’s it.
Here is what makes this fundamentally different from everything that came before:
The Account Aggregator cannot read your data.
This is the technical detail that most people miss, and it’s the most important one. The AA is described in regulatory language as “data-blind.” Your financial data is end-to-end encrypted from the moment it leaves your bank. The AA cannot decrypt it, cannot store it, cannot see it. It is a courier that cannot open the package it is carrying.
These are not marketing promises. They are technical and regulatory requirements that every licensed AA must comply with. Finanjo uses a licensed AA to connect to your bank – which means every one of these applies to how your data flows through our platform.
1. No data sharing without your explicit consent
Every single data transfer requires your active approval. Consent is not a tickbox buried in terms and conditions. It is a structured, time-bound, purpose-specific authorisation that you give for each sharing event. You see exactly what data is being requested, which institution is requesting it, and for how long.
If you did not consent to it, the data does not move. The system is architecturally incapable of sharing data without a valid consent artifact.
2. The AA stores nothing
The Account Aggregator is prohibited, by regulation, from storing your financial data on its servers. It processes the encrypted data stream in transit and discards it. There is no AA database containing a copy of your bank transactions. There is no record sitting somewhere that could be breached and sold.
This is one of the most significant structural differences from the old screen scraping model. With screen scraping, your data was sitting on someone’s servers indefinitely. With AA, there is nothing to steal at the AA layer.
3. End-to-end encryption on every transfer
Your data is encrypted from source (your bank) to destination (the app you’re using) using RBI-mandated encryption standards. The encryption is applied before the data leaves your bank’s systems, and can only be decrypted by the authorised recipient – which, in Finanjo’s case, means your Finanjo account and only your Finanjo account.
In practical terms: even if someone intercepted your data in transit through the AA pipeline, they would see nothing readable. The mathematical keys to decrypt it do not exist at the AA level.
4. You can revoke access instantly, at any time
This is the control feature that I think matters most psychologically. With the old model, once you gave an app your password, there was no clean way to take it back. You could change your password and hope for the best.
With AA, consent is revocable at any point with a single action. If you decide today that you no longer want Finanjo to access your HDFC account, you revoke that consent. The data flow stops immediately. Finanjo receives no more data from that account from that moment onwards. There is no lag, no support ticket required, no grey area.
The power to disconnect is as simple and instant as the power to connect.
5. The AA cannot initiate any financial transaction
This one I want to be very direct about, because it is the fear that underlies the safety question most of the time. People worry: “if an app can see my account, can it move my money?”
The answer is categorically no. The Account Aggregator framework is read-only by design and by regulation. An AA is technically and legally prohibited from initiating, authorising, or executing any financial transaction. It can see. It cannot touch. Your money cannot move as a result of anything that happens in the AA ecosystem.
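The consent rules in points 1 and 4 can be modelled as a default-deny gate that every data request has to pass. This is an added illustration, not Finanjo's code and not the official AA schema; the class names, field names and sample values are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class ConsentArtifact:
    # Field names are illustrative assumptions, not the official AA schema.
    consent_id: str
    requester: str          # institution asking for the data
    account: str            # the linked account this consent covers
    purpose: str            # the single purpose the user approved
    data_types: frozenset   # what may be shared, e.g. {"TRANSACTIONS"}
    valid_from: datetime
    valid_until: datetime   # consent is time-bound
    revoked: bool = False


@dataclass(frozen=True)
class DataRequest:
    consent_id: str
    requester: str
    account: str
    purpose: str
    data_types: frozenset


class ConsentRegistry:
    def __init__(self):
        self._artifacts = {}

    def grant(self, artifact):
        self._artifacts[artifact.consent_id] = artifact

    def revoke(self, consent_id):
        # Revocation takes effect on the very next authorise() call.
        self._artifacts[consent_id].revoked = True

    def authorise(self, req, now):
        """Return (allowed, reason). Anything not explicitly covered is denied."""
        art = self._artifacts.get(req.consent_id)
        if art is None:
            return False, "no consent artifact"
        if art.revoked:
            return False, "consent revoked"
        if not (art.valid_from <= now <= art.valid_until):
            return False, "outside consent window"
        if (req.requester, req.account) != (art.requester, art.account):
            return False, "requester or account not covered"
        if req.purpose != art.purpose:
            return False, "purpose mismatch"
        if not req.data_types <= art.data_types:
            return False, "data type not consented"
        return True, "ok"


# Constructed sample consent: 90 days, one account, transactions only.
T0 = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE = ConsentArtifact("c-001", "finance-app", "acct-1", "budgeting",
                         frozenset({"TRANSACTIONS"}), T0, T0 + timedelta(days=90))
```

A request is released only when every check passes, so an expired window, a wider data scope or a revoked consent each stop the transfer on their own.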
In August 2024, Sahamati (the industry body for the AA ecosystem) issued a public statement addressing reports of fraud involving Account Aggregator applications. I want to be transparent about this, because trust requires honesty about the whole picture, not just the good parts.
What happened: fraudsters exploited compromised SIM cards to access AA applications and gather customer data, which they then used for targeted phishing attacks. It was a real incident and it was taken seriously by the ecosystem.
What it was not: a breach of the Account Aggregator system itself. The AA infrastructure was not hacked. No data was stolen from the AA layer. The vulnerability was at the user’s device and SIM level – the same attack vector that affects any mobile application, from your bank app to your email.
The AA framework itself was not compromised. The fraud happened at the device layer, not the data layer. This distinction matters enormously.
Sahamati coordinated with cybersecurity experts, government agencies, and regulators in response. The AA steering committee published its response publicly. This kind of transparency and institutional response is itself a sign of a well-governed ecosystem.
The lesson from those incidents is the same lesson that applies to all digital finance: protect your SIM, enable SIM-lock, and be suspicious of unsolicited calls or OTPs. The AA architecture held. Human social engineering is a different problem – and one that no technical framework can fully solve.
I spent three years in Europe, partly at King’s College London studying international financial law, partly observing how apps like Cleo, Monzo, Emma, and Moneybox had changed the relationship between young people and their money. What struck me was not the features – it was the trust. People in the UK linked their bank accounts to these apps without anxiety because open banking regulation had created a framework that made it safe to do so.
India did not have that when I left. It had screen scraping, fragmented data, and finance apps that required your password. By the time I came back in 2025, Account Aggregators had changed that completely.
When I was deciding how to build Finanjo, I had options. SMS-based tracking – reading your transaction messages – is simpler to implement and works on more devices. But it is less accurate, captures only what comes through SMS, and gives users no control over what is shared or with whom.
I chose AA for three reasons:
Finanjo uses a licensed AA – meaning every guarantee I described above applies to how we handle your data. We do not store your raw bank data on our servers. We receive structured financial insights derived from your data, with your consent, to power Jo’s recommendations. You can revoke that access at any time from within the app.
As of December 2024 (I am waiting to hear the latest number too), the AA ecosystem had processed over 140 million consent-based data transfers. More than 110 million Indian users have linked at least one financial account through the framework. AA-enabled credit crossed ₹1.6 lakh crore in 2024-25, covering nearly 1.9 crore loan accounts.
These are not early adopter numbers. This is mainstream infrastructure. Every major bank in India – SBI, HDFC, ICICI, Axis, Kotak, and dozens more – is live on the AA network. SEBI, IRDAI, and PFRDA have all brought their regulated entities into the framework.
The question is no longer whether Account Aggregators are safe. The question is why you would use anything else.
When Finanjo asks you to connect your bank account, here is exactly what happens:
Jo, our AI assistant, uses this data to give you genuine financial insight – not generic advice, but insight specific to your actual spending patterns, your actual cash flow, your actual financial position. That level of personalisation is only possible with real data. And that data is only worth sharing if you can trust how it is handled.
The safety of Account Aggregators is not a promise Finanjo is making to you. It is a technical guarantee that the RBI has mandated, that five regulators have endorsed, and that the architecture itself enforces. We built Finanjo on this foundation because we believe your financial data deserves infrastructure-grade protection – not just a privacy policy.
If you have questions about how Finanjo specifically handles your data, write to us at [email protected]. I read those emails personally.