We do not store bank passwords
Open Banking connections use provider authorization flows. Purely never asks you to type your bank password into Purely.
Security Center
Trust controls for your financial workspace
Purely is designed for accountant-ready finance reporting, not custody or payment initiation. This page explains how bank data, CSV imports, tokens, exports, and deletion controls work.
Bank access is read-only where applicable
Connected bank data is used to import balances and transactions for reporting. Purely is not built to initiate bank payments.
Tokens are encrypted
Provider credentials and refresh tokens are encrypted before storage and are not included in user-facing exports.
You can remove sources
Delete a source or revoke an Open Banking connection from settings to remove the connection and its synced workspace data.
You can export or delete your data
Privacy settings include a JSON export, full workspace data deletion, account deletion, and session revocation controls.
CSV uploads stay under your control
CSV files are parsed into import batches. You can undo a batch, and exports avoid raw provider payloads by default.
Sensitive data is not sold
Purely does not sell sensitive financial data. We use your account, source, and transaction data to provide the product: imports, categorization, analytics, reports, exports, and subscription management.
User exports are intentionally sanitized: they include useful workspace records but avoid encrypted provider tokens and raw bank payloads unless a future product design explicitly requires a separate raw export.
Contact security
For account support, privacy requests, or a suspected security issue, contact: