Your money stays in your hands.
Bank-grade security architecture. 100% European hosting. Read-only access. We designed everything so you have absolutely no doubt.
AES-256: Encryption
GDPR: Compliant
PSD2: Open Banking
ISO 27001: Infrastructure
TLS 1.3: In transit
0 passwords stored: never, structurally impossible
100% EU hosting: France & Germany, ISO 27001
Read-only: zero transactions possible, PSD2
Defence in depth
6 layers of protection.
Each one protects the next.
Military-grade encryption
Even our own team cannot read your data. End-to-end encryption with keys protected by FIPS 140-2 certified hardware security modules.
100% European soil
Your data never leaves Europe. No provider subject to the US CLOUD Act. Full and enforceable GDPR compliance.
Read-only access
Thelma cannot do anything with your money. Technically and contractually impossible. We analyse, we never act.
Zero password stored
You authenticate with your bank. We receive a temporary token that you can revoke at any time from our interface.
Distributed backups
Your data is backed up daily on geographically separate infrastructures. Restoration guaranteed in under 4 hours.
Penetration testing
Certified ethical hackers attempt to break our defences twice a year. Every critical vulnerability is patched in under 72 hours.
PSD2 Protocol — Open Banking
How we access your data.
In an ultra-secure way.
The European PSD2 directive imposes a strict access protocol. You authenticate with your bank — not with us. Your bank sends us a temporary token. That's it.
1. Your bank: you log in on their interface
2. PSD2 API: regulated TLS 1.3 channel
3. Thelma: analysis only
Your rights
Our GDPR commitments
Real rights, immediately exercisable, without friction.
Erasure: within 30 days
Portability: JSON/CSV export
Consent: granular
Access: transparent
Rectification: immediate
Objection: to profiling
Notification: within 72h if incident
Dedicated DPO: dpo@thelma.fr
Start with complete peace of mind
Your security is not an optional feature. It is our number one constraint.