← Back to front page

Terms of Service

The terms that govern your use of open-banking.io.

Last updated: 11 June 2026

1. Who we are

open-banking.io is operated by Tatic ApS, a Danish private limited company (CVR 42532940), Mejsevej 2, Hadbjerg, 8370 Hadsten, Denmark, operating under the secondary name OpenBanking IO ApS. In these terms, "we" and "us" refer to Tatic ApS.

Questions about these terms: [email protected].

2. The service

open-banking.io is a hosted application and API. You sign in, connect one or more bank accounts through a PSD2 consent flow, and we retrieve your full statement — accounts and transactions — and keep it in sync. You can access your data through the web app, the API, and our open-source SDKs.

The service is an account information tool. It does not initiate payments, hold funds, or provide financial advice.

3. Account and eligibility

The service is for businesses and private users alike. You sign in with your existing identity provider (OIDC); we do not store passwords.

You are responsible for activity under your account and for keeping API keys and credentials confidential. You may only connect bank accounts you are authorised to access.

4. Bank consents via Enable Banking

Bank connectivity is provided through Enable Banking Oy (Espoo, Finland), a registered Account Information Service Provider (AISP) supervised by the Finnish Financial Supervisory Authority (FIN-FSA) under PSD2.

You give consent directly at your bank. We never see or store your bank credentials, and you can revoke a consent at any time — at your bank or by disconnecting the account in the app. Under PSD2, bank consents expire periodically and must be renewed; we notify you before a consent expires.

5. Fees, invoicing and payments

Fees follow your plan or order. Invoicing and card payments are processed by Flatpay, a Danish payment provider. We never store card details.

Invoices are due as stated on the invoice. If an account remains unpaid after reasonable notice, we may suspend access until payment is received.

6. Acceptable use

You agree not to:

  • connect or query bank accounts you are not authorised to access
  • circumvent authentication, rate limits, or other security measures
  • use the service for unlawful purposes or in breach of your agreements with your bank
  • resell or white-label the service without a written agreement with us

We may suspend access immediately where necessary to protect the service or comply with the law, and will tell you why.

7. Availability and changes to the service

We aim for high availability but do not guarantee uninterrupted operation. Planned maintenance is announced in advance where practical.

We improve the service continuously and may change or retire features. If a change materially reduces the service you pay for, we will notify you in advance so you can object or terminate.

8. Data and security

All data is stored and processed within the EU, encrypted in transit and at rest, in ISO/IEC 27001:2022-certified data centers. Bank data is processed only to provide the service and is deleted when you delete your account.

How we handle personal data is described in our Privacy Policy, which forms part of these terms.

9. Liability

Account and transaction data originates from your bank via Enable Banking; we present it faithfully but cannot guarantee its accuracy or completeness, and it is not financial advice.

Our total liability under these terms is limited to the fees you paid in the twelve months before the claim arose. We are not liable for indirect losses, including lost profits or lost data. Nothing in these terms limits liability that cannot be limited under Danish law, including liability for intent or gross negligence.

10. Termination

You can stop using the service and delete your account at any time; your bank data is then deleted, and any bank consents can be revoked at your bank.

We may terminate the agreement with reasonable notice, or immediately on material breach of these terms. Accrued payment obligations survive termination.

11. Governing law and contact

These terms are governed by Danish law, and disputes are subject to the jurisdiction of the Danish courts.

Contact us at [email protected]. Security vulnerability reports go to [email protected] — we acknowledge within 48 hours and ask that you coordinate with us before any public disclosure.