When someone asks how Hasanah protects bank data, they usually want more than a vague promise that everything is secure. They want to know who handles bank credentials, what account information the app actually receives, which providers are involved in linking and payment processing, and what they can do if they want to pause, disconnect, or delete later. Hasanah's public policies give enough detail to answer those questions directly.
The most important security point is simple: Hasanah does not directly store your online banking password. Account-linking credentials are handled by the linking provider instead. That matters because it reduces how much of the most sensitive login information flows through Hasanah itself. It does not mean the product has no financial data at all, but it does mean there is an important boundary between your bank login and Hasanah's own systems.
Hasanah still needs real account and transaction information to run the product. That includes institution information, masked account details, transaction dates, transaction amounts, transaction descriptions, merchant-related data, verification status, payment history, and other records tied to roundups and weekly donations.
Security is not only encryption and vendors. It is also about what the donor can do after setup. Hasanah gives users ways to pause participation, skip a cycle, disconnect linked accounts, and request account deletion. Those controls matter because a secure product should not feel like a one-way door. If someone changes their mind, changes banks, or simply wants to stop using the service, they need a clear path out.
Before linking a bank account, a cautious donor should review five things. First, whether the app stores bank passwords directly. Hasanah does not. Second, what transaction and payment data the service actually receives. Third, which companies are handling linking and ACH. Fourth, how failed withdrawals, pauses, and cancellation work. Fifth, what happens if you want your data deleted later. Those are the questions that turn 'is this safe?' into a real decision instead of a gut feeling.
No. Online banking login credentials are handled by the account-linking provider rather than being collected or stored directly by Hasanah.
Yes. Hasanah may receive transaction descriptions, merchant-related data, dates, amounts, and similar information needed to provide the service.
Hasanah needs transaction data to identify eligible purchases, calculate roundups, track cycle totals, and support payment and donation records.
Plaid handles account linking and financial-data access. Stripe handles ACH and payment operations. They support different parts of the workflow.
Yes. Users can pause participation, skip a cycle, disconnect linked accounts, or request account deletion.
Yes. Hasanah provides an in-app deletion flow and an outside-the-app request path through support.