Security and Kontist

It has never been easier to manage your business finances as a freelancer - but easy shouldn’t mean unsecured. Kontist has a number of safety measures in place to make sure your money, your account and your business information are always protected.

Protecting your privacy

Kontist is committed to protecting your personal information and ensuring that you are in control of your data.

There have been big changes in data regulation in 2018, with PSD2 and GDPR, two major EU regulations relevant to banks, coming into force more or less at the same time. PSD2 mandates access for third parties to bank account information and GDPR creates a framework for protecting personal data based on individual consent.

Although it sounds like the two are in conflict - one mandating access and the other mandating privacy - we see this as an opportunity. It’s an opportunity for you as a customer to have full access to your banking data, and the choice to share it with third parties for a richer, more personal banking experience - while also retaining control over what personal data gets shared. The two laws complement each other, and we believe they make trust in open banking possible.

For several months, Kontist has been working towards achieving compliance with the GDPR. We assessed the new requirements arising from the GDPR and have taken the necessary steps to ensure that we process all customer and user data in accordance with the General Data Protection Regulation by the May 2018 deadline. In cooperation with our banking partner solarisBank, we have adapted and agreed our terms and conditions.
For more information, you can read our amended terms and conditions and privacy policy and the updated solarisBank data processing policy.

Full list of changes resulting from the GDPR

How we secure your data

Kontist is built on a reliable infrastructure, which allows us to share your information with your accounting service when you opt-in. We work closely with these partners to develop integrations that ensure the privacy and security of integrated users.

Kontist Push API Flow

Secure integrated solutions

Our integrations are custom built through direct collaboration with each accounting partner. All accounting integrations share relevant bank data directly with our partners, which eliminates the risk of incorrect or delayed data transmission.

Third party access under your control

The Kontist push API only shares your data with the accounting systems you’ve authorized. Disconnecting your integration stops the transmission of new data and removes all accounting data from the Kontist app. For legal reasons, you need to delete synced banking transactions directly in your accounting system.

Authentication by user, not by third-party

Your bank data is only shared with an accounting system after you set up the integration by logging into your accounting system through the Kontist app. You can disconnect the integration at any time.

Encrypted transmission

Your data will always be SSL-encrypted when transmitted between Kontist and our integrated partners. Your data is only accessible using a unique security token that is specific to you and your integration.

How we protect your business bank account

Multi-factor authentication for transactions

In addition to your username and password, you have to enter a TAN in order to confirm money transfers. This code is only sent by SMS to the verified mobile phone number attached to your account.

Biometric login

Instead of using a password, you can log in to your account with fingerprint and face recognition. These unique biological features are far more difficult to copy or steal than traditional passwords.

Task-switching privacy

When switching between apps on your mobile device, the preview image of the Kontist app is blurred, so that sensitive information such as your account balance does not appear in the multitasking overview.

Security on-the-go

If you opt in, you will receive a push notification on your smartphone for each new transaction in your bank account or on your Kontist card, so you’re always on top of what is happening with your money.

Card blocking on demand

If you think you may have lost your physical Mastercard, you can lock it in Kontist’s banking app with just one tap. You also have the option to change your card’s PIN on demand.

Virtual card security

Kontist meets Mastercard’s high security standard, which allows us to offer a virtual card as part of our standard account offering. Since your virtual Mastercard only exists as a card number in the app, it cannot be stolen.

Jailbroken/rooted devices are out

To protect your account and sensitive financial data, we do not allow rooted or jailbroken devices, as they intentionally disable default security mechanisms of the Apple and Android operating systems.

How we protect your money

Rock solid and proven

Our trusted bank partners, solarisBank (your account-holding institution) and Wirecard Bank (card-issuing institution) are both established, internationally operating companies.

Safe and secure

Your money is kept in a regulated, ring-fenced German bank account. Your funds will never be moved, invested or lent to anyone else. It’s your money, and you can always access it.

Guaranteed deposits

Your bank account is held by solarisBank, which holds a European full banking license and therefore is a member of the Deposit Protection Fund of the Association of German Banks, regulated by BaFin and the European Central Bank (EZB). Assets in your Kontist business bank account are covered by the Deposit Protection Fund under EU directives up to € 100,000.

Safe limits

Kontist protects you with limits for card payments. The risk of falling into debt is eliminated with our Debit Mastercard, which does not offer a credit line. You stay in full control of your expenses.