# BankBridge — reviewer FAQ ## How is user data secured? Access tokens are encrypted at rest with AES-256-GCM using a dedicated `ENCRYPTION_KEY` environment variable. API keys are SHA-256-hashed before storage — the raw key is never persisted after creation. Every outbound bank call uses TLS. The database itself runs on an isolated host with no public ingress except the HTTPS endpoints. ## What financial data does BankBridge store? None. No account balances, no transaction history, no holdings. Every MCP tool call fans out in real time through the upstream aggregator and aggregates in memory before returning. We store only what's required to authenticate (user row, API key hash) and call the aggregator again later (encrypted access token). ## How does multi-bank billing work? Stripe subscription where `quantity = count(connected banks)`. A user with one bank pays $5/mo; three banks is $15/mo. Adding a bank mid-period applies a prorated charge to the next invoice. Removing a bank credits the proration forward. Billing is monthly and in USD. ## How does cancellation work? One click from the dashboard. Billing stops immediately — Stripe does not generate any more invoices. Your access tokens are revoked instantly, bank connections removed, and the subscription closed at end-of-period. No refund on already-billed months. Six independent defenses ensure no orphaned connections keep accruing aggregator fees. ## Which banks does BankBridge support? Any bank supported by our upstream aggregator — 12,000+ US banks and credit unions, with investments coverage at 1,000+ brokerages. The link UI handles the institution-browsing and login flow. ## Which AI hosts work with BankBridge? 29 at launch. Claude (Code, Desktop, web, Cowork). ChatGPT (plus Apps SDK, Enterprise). Cursor. GitHub Copilot. Gemini (CLI, Code Assist, Vertex AI). OpenAI Codex. Windsurf. Continue. Cline. Zed. JetBrains Junie. LM Studio. Warp. Raycast. Goose. Perplexity. opencode. OpenClaw. OpenAI Responses API. OpenAI AgentKit. Plus any MCP-compliant client via the raw HTTP endpoint. ## Is BankBridge open source? The server is closed-source. That's how we sustain development on a $5/mo-per-bank SKU. The client artifacts — the Claude Code plugin, the Claude Desktop `.mcpb` connector, the Skills repo (github.com/bankbridge-money/bankbridge-skills), and the plugin marketplace repo — are all public. ## How does this compare to building your own aggregator integration? You'd need an aggregator developer account, OAuth 2.1 + PKCE + Dynamic Client Registration, AES-256-GCM for access tokens, a live-fetch pipeline with per-bank error classification and exponential backoff, reconnection flows, Stripe quantity billing, a cancellation pipeline that doesn't leave orphaned items bleeding API fees, and a compatibility matrix for 29 evolving MCP clients. Or $5 per bank per month. Fuller breakdown at `/guides/bankbridge-vs-building-your-own-mcp-server`. ## What about the Mac App Store / other app stores? BankBridge is a cloud service; there's no native app to distribute. Users install BankBridge by adding it as an MCP server inside their agent of choice. The Claude Code plugin and Claude Desktop `.mcpb` connector ARE distributed via Anthropic's official channels (plugin marketplace, `.mcpb` installer). ## Who built this? Great Work LLC. Jake Marsh is the sole engineer and founder. Registered in Delaware (651 N Broad St Suite 206, Middletown DE 19709). EIN 37-2028286. ## How can I try it without signing up? Two ways: 1. **Bearer key:** `Authorization: Bearer bbk_demo` against `https://bankbridge.money/api/mcp` returns deterministic fictional data for persona "Alex" (3 banks, 6 accounts, 200+ transactions, 8 investment holdings). Safe for evals or tool-benchmark publications. 2. **Demo login:** sign in as `demo@bankbridge.money` at `/login` to test OAuth-based connector flows in Claude.ai, Perplexity, etc. ## Is review-copy access different from the demo? We can also issue a Stripe-coupon code for free multi-month access (real bank connection of your choice) for longer-form reviews. Email hello@greatwork.company. ## Contact hello@greatwork.company. Same-day reply during US business hours (Central).