How your data is accessed and used
Understand how your business financial data is collected, handled, and used
How we access your data
Your financial institution is using Codat and its technology to access and interpret the financial data of your business. Review this section to learn more about Codat and what we do.
What is Codat?
Businesses depend on a suite of software. Whether it's accounting programs like QuickBooks Online and Xero, Point-of-Sale systems like Zettle and Square, or eCommerce software like Shopify and Amazon Seller Central - these are the tools that make a business tick.
This software serves as the definitive source for a business's activities. Financial institutions need access to this data so that they can offer their services to the business.
For example, a lender can use accounting data to understand the risk profile of a business. However, it is often difficult to get data out of these programs.
That's where Codat comes in. We let the software and services businesses use talk to one another. Financial providers using Codat can view or modify their clients' business data quickly and securely and focus on delivering their core services.
What data does Codat provide access to?
Codat enables financial institutions to access your business' financial statements, including your P&L Statement and Balance Sheet. This is typically the same data that the financial institutions already collect from your business in other ways, such as by requesting an Excel or a PDF file.
What happens to my data?
Codat enables your financial institution to view, modify, or create business data depending on the agreement and the service they are delivering to you. They can only use Codat to access your data with your authorization.
Once you allow Codat this access, we process the data on behalf of your financial institution according to our agreement with them, strict internal policies, and the law.
We keep your data secure
Codat protects the security of your data. We never share your password and encrypt your data in transit and at rest.
We never alter your data
Codat doesn't add to, modify, or delete your data unless your financial institution instructs us to.
Where they do, this will be in accordance with the service they're providing you and terms you agreed to.
We keep you in control
Your data belongs to you. You choose when and how to share your data, and Codat never shares it with anyone else. You can withdraw your consent anytime.
We never share your data
Your provider gets to access your data only with your permission. We never sell data and don't share it with other Codat clients.
Is my data secure with Codat?
Codat employs a comprehensive data security program that is compliant with ISO 27001 and SOC2 frameworks. Our Trust portal provides the nitty-gritty details of our security program and its compliance with various standards and policies, such as our data security whitepaper, Cyber Insurance Policy, Risk Management Policy, and Data Classification Handling Policy.
Why is my financial institution using Codat?
To deliver their services to you, your financial institution needs access to your business data. We simplify the process of getting, synchronizing, and interpreting that data for them, reducing their administrative load and time spent on getting that data.
Codat is trusted by the world’s largest financial institutions, payments providers, business lenders, software companies, and more. If you'd like to know more about your financial institution's business processes and services that rely on Codat, you can reach out to them directly or refer to their terms of service.
How does Codat handle personal data?
The majority of financial or business data we collect is non-personal. Depending on the needs of your financial institution, we may also collect limited personal data (such as business contact details or information related to sole trader payers / payees contained in the company data).
Because of this, we always treat company data as sensitive to satisfy our own risk appetite and ensure compliance. Under the UK and EU privacy legislation, your financial institution is considered the controller of this personal data, and Codat is considered its processor.
What happens to your data
Your financial institution doesn't own your data and can only access it with your authorization. In this section, we provide more detail about these aspects of accessing your data.
How do I consent to sharing my data?
When authorizing your financial institution's access to your financial data, you will go through a best-in-class consent journey that utilizes OAuth 2.0, the industry-leading standard for online authorization.
This technology enables you to share your data directly from your accounting software without sharing sensitive login details with your financial institution. We also provide visibility into the types of data you will share and for what purpose.
You can always stop sharing your data from within your accounting software.
Who owns my data?
You remain the owner of the data that your financial institution collects. We will request your consent, which gives us the right to use that data. You will provide this consent using our authorization flow functionality.
Do you sell the data my business provides?
No, we never sell your data. Your data is shared with your financial institution for the explicit purpose that you have authorized.
Addressing your concerns
You may have concerns about specific aspects of your financial institution's access to your data. We have addressed the most common concerns in this section.
I don't want to give access to my account
The process of sharing your data doesn't give your financial institution access to your account. Your consent simply allows your financial institution to use our technical integrations with your accounting or ERP software to receive the same financial data you already share with us. We do this using an encrypted digital connection with your software.
I'm worried about giving continuous access to my data
You are always in control of the digital connection your financial institution has to your data, so you can disconnect your software whenever you like. To do so, log in to your accounting or ERP software and follow the instructions for disconnecting linked apps. When you disconnect, your financial institution won't be able to access your financial data via the encrypted digital connection anymore.
We recommend leaving your data source connected. This way, your financial institution will be able to automate their loan monitoring process, and you won't be asked to regularly prepare and provide files with your business' finances. You will remain in communication with your financial institution, but the friction of preparing data will be removed.
I'm worried this opens me up to fraud
An encrypted digital connection is actually a much more secure way to share your sensitive financial data with your financial institution than files shared over email. This digital connection uses OAuth 2.0, the industry-leading standard for online authorization.
I don't want to share this much information
You won't share any more information than you already provide to your financial institution in a spreadsheet or a PDF. We will only access a snapshot of your business's financial position provided via a digital connection. The digital method of sharing data ensures you save valuable time instead of manually collecting and sharing financial information.
I don't want to provide my login details
The digital data sharing doesn't give us access to your login credentials. The sharing is done using OAuth 2.0, the industry-leading standard for online authorization. The process uses encryption keys and tokens, so your login information is never shared directly with your financial institution.
In simple terms, OAuth 2.0 is like a special key that lets us access data in your account without using your actual password. This keeps your online accounts secure. In turn, your financial institution will access your data from a web page that is separate from your accounting software.
I want to share a password-protected file instead
Passwords used in protected files can be easily decrypted. While they provide some security, they aren't a good solution for the regular sharing of large files and complex financial information.