Security
Read-only by design.
Your money. Your data. We're not the bank. We can't move anything. Five things every Steerplan user can verify before they connect their first account.
FCA-registered.
Steerplan Ltd is on the FCA register as a PSD Agent of Yapily Connect Ltd (FRN 827001). We operate under their FCA-authorised AISP licence to read Account Information from UK banks.
Verify on the FCA register
Connections via Yapily.
We never see your bank login. You authorise Yapily directly with your bank using their official OAuth flow. Steerplan only ever receives signed, time-limited Account Information tokens.
We can never move your money.
Open Banking permissions in the UK are split into Account Information (read) and Payment Initiation (move). Steerplan is registered as an Account Information agent only. Even with full bank access, we have no technical or legal ability to initiate a transaction.
AES-256 at rest, TLS in transit.
Every byte of bank data is encrypted with AES-256 when stored and with TLS 1.3 in transit. Tokens rotate. No one at Steerplan has access to your raw bank data outside of the secure pipelines that produce your AI insights.
Never trained on, never sold.
Your transactions, your balances, your conversations with the AI are never used to train external AI models, and never sold to third parties. The AI runs on Anthropic and OpenAI API endpoints with their default no-training policies. You can delete your account at any time, and request a full export of your data in line with UK GDPR.