Is this notice for you? Yes β if you used an app or website that asked you to connect your bank account (for example, to check your balance, verify your identity, or share your transaction history), that app likely used OpenDinar's infrastructure to do it. This page explains what OpenDinar specifically does with your data. The app itself will have its own separate privacy policy which you should also read.
Who is OpenDinar?
OpenDinar is a technology company based in Belgrade, Serbia. We build the secure infrastructure that allows apps to connect to Serbian banks. You probably never typed our name β you just clicked "Connect my bank" inside another app. That connection runs through us.
Think of us like the electricity grid: you interact with the light switch (the app you used), but the power comes through infrastructure you don't see. We don't communicate with you directly β only the app does. OpenDinar is the layer in between.
What data OpenDinar holds about you
When you connect your bank account through an OpenDinar-powered app, we process and may temporarily store the following β only for the specific data types the app requested and that you consented to:
- Account details: your account holder name, IBAN, account type, and currency
- Transactions: amounts, dates, and merchant names from your bank statement (for as far back as the app requested)
- Balance: a snapshot of your available and current balance at the time of request
- Identity (if requested): the name, address, phone, and email your bank has on file for you
This data is fetched from your bank and delivered to the app you used. We may cache it briefly to improve performance and reliability, but we are not in the business of building profiles on you or monetising your financial data in any way.
What OpenDinar does NOT store
OpenDinar never sees or stores:
- Your online banking username or password
- Your bank PIN or security codes
- Full debit or credit card numbers, or CVV codes
- One-time passwords (OTPs) sent to your phone
When you log in to your bank through our Link Widget, that happens directly and securely between your browser and your bank. OpenDinar only receives the account data your bank sends back β never your credentials.
How your data is used
Your data is used for one purpose only: to deliver the feature you asked for inside the app you connected through. For example:
- If you connected your bank to a budgeting app β we fetched your transactions so the app could show you your spending breakdown.
- If you connected your bank to verify your identity for a loan application β we fetched your name and IBAN so the lender could confirm who you are.
- If you connected your bank to automate accounting β we fetched your transaction history so invoices could be matched automatically.
We do not use your financial data for advertising, cross-app profiling, or any secondary purpose beyond powering the specific service you gave consent for.
Who can see your data
- The app you connected through β this is who you gave permission to. They receive your data directly and have their own privacy policy. You should review their policy separately.
- Your bank β your bank is informed that a third-party application (the app you used, via OpenDinar) has been granted access to your account data, consistent with your consent.
- OpenDinar engineers β only in exceptional circumstances for debugging verified incidents, subject to strict internal access controls and logging.
- No one else. We do not sell, rent, share, or license your financial data to any third parties, advertisers, or data brokers. Ever.
How to disconnect your bank account
You are always in control. You can revoke access at any time through any of these methods:
- Through the app you used β most apps have a "Connected accounts", "Integrations", or "Settings" section where you can disconnect your bank. This is usually the quickest way and takes effect immediately.
- Through your bank β you can revoke third-party access directly in your online banking portal, typically under "Third-party connections", "Open Banking", or "Connected apps".
- By contacting us directly β email privacy@opendinar.com and we will revoke the connection and delete your cached data within 5 business days.
Once access is revoked, we stop receiving new data from your bank immediately. Any data we hold is deleted within 30 days. Note that the app you connected may retain data it already received β check their privacy policy for their data deletion practices.
Your rights
Under Serbia's Law on Personal Data Protection (Zakon o zaΕ‘titi podataka o liΔnosti, ZZPL) and the principles of the EU General Data Protection Regulation (GDPR), you have the following rights:
- Right to know β you can ask us what personal data we hold about you and receive a copy
- Right to correct β if any information we hold is inaccurate, you can ask us to fix it
- Right to delete β you can ask us to erase your personal data; we will comply unless we are legally required to retain it
- Right to object β you can object to how we process your data
- Right to withdraw consent β disconnecting your bank account is how you exercise this right; it takes effect immediately
- Right to data portability β you can request a machine-readable copy of data you have provided to us
- Right to complain β you can lodge a complaint with the Serbian Commissioner for Information of Public Importance and Personal Data Protection (poverenik.rs)
To exercise any of these rights, email us at privacy@opendinar.com with the subject line "End User Privacy Request". We will respond within 30 days.
If you have any questions about how your data was handled, or if you are unsure whether a specific app used OpenDinar infrastructure, reach out to us directly:
Email: privacy@opendinar.com
Subject: "End User Privacy Request"
Address: OpenDinar, [Address], Belgrade, Republic of Serbia
If you are a developer or business looking for the full technical privacy policy, see the OpenDinar Privacy Policy for Developers.