Stellar BankSync Privacy Statement

Last updated: April 21, 2026


Privacy & security information: Stellar BankSync Portal

Date: 8 April 2026

User access and platform security

Access to Stellar BankSync is provided through the Stellar BankSync Portal, which is accessible by invitation only. User accounts are created and managed by Stellar authorised administrators, after which clients receive an activation link to set up their account. This controlled onboarding process ensures that only authorised clients can access the platform.

When you use the platform, we process certain personal data of portal users to enable access, ensure security, and manage the service. This includes your name, business email address, and billing contact details. In addition, we collect and store limited technical and usage data, such as IP address, timestamps, and browser type. This logging data is retained for a maximum of three months and is used to maintain the security and integrity of the platform, monitor usage, and detect or prevent unauthorised access or misuse.

Users log in via a secure authentication process that includes multi-factor authentication (MFA), providing an additional layer of protection against unauthorised access. Within the platform, different user roles and permissions may apply, ensuring that access to data and functionalities is limited to what is necessary for each user.

From within the platform, you can initiate a connection with your bank account(s) by providing consent. For this purpose, you are securely redirected to the Yapily environment, where you authenticate directly with your bank (via the bank’s own interface) and grant permission for the retrieval of financial data.

Security is our highest priority. Data transferred between your bank, Yapily, and our systems is transmitted exclusively through secure, encrypted channels to prevent unauthorised access. Once received, the data is stored in encrypted form and can only be accessed by authorised users. We use trusted hosting providers that comply with strict security and compliance standards.

Secured bank connection via Yapily

Through our partner Yapily, we access your financial account information in read-only mode solely to review your account data and transactions. We are not able to initiate payments or make any changes to your account. Yapily is ISO27001 and SOC2 certified, complies fully with PSD2 (the EU Payment Services Directive) – a strict regulatory framework for banking and financial data – and applies bank-grade encryption in line with OpenID standards.

All data exchanges are securely encrypted via OAuth2 (the industry-standard protocol for authorization), and rely on tokenisation, meaning you share consent rather than credentials, keeping your information encrypted and secure at all times. We only store the minimum amount of sensitive data required, and only if you explicitly choose to do so. Your login credentials are never visible to us – you authenticate directly with your bank, and we receive only a secure, short-lived authorization token. This approach ensures both privacy and compliance while allowing us to provide our services safely and efficiently.

Financial data retrieval and processing

Through our integration with Yapily, we retrieve financial transaction data from the bank accounts you have explicitly authorised. This includes bank transaction details such as IBAN/BIC, account holder name, date/time, amount, currency, balance, descriptions, counterparties, and account identifiers. We do not collect or process login credentials or any data beyond what is necessary to provide our services.

The retrieved transaction data is securely stored in our Microsoft Fabric environment and processed to generate structured bank statement formats (MT940) as well as human-readable PDF statements. These outputs are shared with your Yardi system via secure file transfer (SFTP), which ensures encryption in transit. Upon request and subject to additional fees, files can also be encrypted at rest using industry-standard AES-256 encryption prior to storage and transfer, providing an additional layer of data protection.

We retain the generated MT940 and PDF statements for 24 months. The source bank transaction data retrieved via Yapily is also retained for 24 months to support transaction reconciliation, auditing, and service improvement.

To ensure the proper functioning and continuous improvement of our services, we also retrieve limited data from your Yardi system. This includes master data, such as bank account details (IBAN/BIC, account holder name, transaction ID) and configurations, which are required to maintain the connection and support changes like the addition of new accounts. We further process transaction-related information, including invoice references, to improve the accuracy of transaction matching and reconciliation, particularly where references are incomplete or inconsistently formatted.

In addition, we may access information on open transactions to support the development of enhanced functionalities, such as automated matching or payment predictions. We also use feedback from your ERP system on how transactions have been matched, including any manual adjustments, to support billing processes and continuously refine our matching logic.
