Security & Compliance
Beluga is built on bank-grade security and regulatory compliance. We are a read-only AISP — we never initiate payments or see your bank login credentials.
- FCA Regulated: Authorised AISP
- GDPR Compliant: UK & EU data protection
- Open Banking: Certified APIs
- Bank-grade: AES-256, TLS 1.3
Regulation
Beluga is authorised by the Financial Conduct Authority (FCA) as an Account Information Service Provider (AISP). We comply with UK GDPR and the Data Protection Act 2018. Our Open Banking integration uses certified providers (e.g. Plaid, TrueLayer) and follows the Open Banking Implementation Entity standards.
Technical security
- Encryption in transit: TLS 1.3 for all connections.
- Encryption at rest: AES-256 for stored data.
- Data minimisation: We only access data necessary for our services.
- No credentials stored: We never see or store your bank login details.
Read-only, no payments
Beluga is an Account Information Service only. We aggregate and display your account data. We cannot initiate payments, transfer funds, or make changes to your bank accounts. You authorise read-only access when you link your banks.
Audits and testing
We conduct regular security reviews and penetration testing. Our systems are designed to meet industry standards for handling financial data.
Frequently asked questions
- Is Beluga FCA regulated?
- Yes. Beluga is an Authorised Payment Institution (AISP) regulated by the Financial Conduct Authority.
- Does Beluga store my bank login credentials?
- No. We use Open Banking APIs so you authorise your bank to share read-only data. We never see or store your login details.
- How is my data encrypted?
- Data is encrypted in transit (TLS 1.3) and at rest (AES-256).
