The first time I opened a budgeting app and it asked me for my bank username and password, I closed it. Not because I didn't trust the company. Because I didn't trust the design.

A money app shouldn't need that to be useful. It shouldn't need to impersonate me on my bank's website to count what I've spent. It shouldn't need a third-party service in Iowa to pretend to be me at midnight while I'm asleep. There's something off about a product that works only after you hand it the keys.

So when we built Marvin, we made one rule: we will never ask for your bank login. No "connect your account." No Plaid. No Yodlee. No screen-scraping intermediary. Not even an OAuth flow that looks polite while it does the same thing.

That decision shaped everything that came after.

What the standard playbook actually does

When a budgeting app asks you to "connect your bank", here's what's happening underneath:

  1. You hand your bank username and password to a third-party aggregator (Plaid, Yodlee, MX, Finicity).
  2. That aggregator stores those credentials, logs into your bank as you, and reads your transactions.
  3. It does this every few hours, forever, on a schedule you can't see.
  4. Your bank often can't tell the difference between you and the aggregator. Some banks consider it a terms-of-service violation, but they let it slide.
  5. The app you signed up for receives a stream of transactions from the aggregator and shows it to you in a dashboard.

This works. It's been the default for fifteen years. Millions of people use it. And on the surface, it looks magical: you sign up, your account shows transactions in seconds, you're done.

But the trade is real, even if it's invisible.

The trade: in exchange for not typing in your transactions, you give a third-party company permanent, unsupervised access to your bank — and trust that company, the aggregator, and the budgeting app to all stay honest, stay solvent, and stay un-breached, forever.

Why we said no

Three reasons, in order of importance.

1. We didn't want to be a target.

The moment you store millions of bank credentials, you become the most interesting database on the internet. The 2017 Equifax breach exposed 147 million Americans' records — and Equifax sells data-aggregation services as part of its credit-bureau business. Plaid — the largest bank-aggregator in fintech — paid a $58 million class-action settlement in 2022 for collecting more bank data from users than it needed. We didn't want to inherit that risk profile from day one.

The cleanest way to never lose your bank password is to never have it.

2. The design was making people lazy.

When an app silently imports every transaction, users stop looking. The dashboard tells them what they spent, but they didn't experience spending it. There's a body of evidence — both academic and anecdotal — that shows passive tracking changes very little behaviour. You can't improve a number you didn't notice in the first place.

Asking the user to upload a receipt or paste a statement creates a tiny moment of friction. That friction is the feature. It puts you in the loop. It makes you an active reader of your own money.

3. We didn't want to lie about what we knew.

Aggregator data is messy. Transactions arrive 24-72 hours late. Pending charges flip back and forth. Foreign transactions show up in the wrong currency. Recurring bills get duplicated. The dashboard looks authoritative, but it's running on data that's stale and ambiguous, and the user has no way to tell.

We wanted Marvin to be honest about what it knows. So we changed the source. Marvin reads the actual receipt you uploaded, the actual statement you forwarded, the actual entry you typed. The data is opinionated and immediate, because you chose to give it.

So how does Marvin work without it?

Three intake paths, no bank credentials anywhere:

  • Snap it. Photograph a receipt with your phone. Marvin Vision extracts merchant, total, date and category in under a minute. Works on paper, on PDFs, on screenshots from your bank app.
  • Forward it. Forward an emailed bank or credit card statement to Marvin. We parse the PDF, extract every line, hand them back to you for one-tap approval.
  • Type it. "Coffee $5 today" or "Uber 22 yesterday" — Marvin's natural-language parser turns plain English into structured entries.

Combined, these are faster than you'd guess. Most users add their week's expenses in under two minutes. And every entry exists because you made a choice — not because some script ran while you weren't looking.

What it costs us

A real cost, actually. The "connect your bank" flow is the lowest-friction activation path in fintech. Apps that use it have higher day-1 retention. Reviewers love it. App store screenshots write themselves.

We knew we'd have a slower top-of-funnel. We accepted that. Anyone who actually wants the thing — a clear, honest, private money app — would take the extra ten seconds to upload a receipt. Anyone who wouldn't probably wasn't going to actually use the budget anyway.

We optimised for the user who shows up the second week. Not the one who installs and never opens it again.

What it costs you, when other apps make the trade

Three things, mostly invisible until something goes wrong.

One: your bank's terms of service usually say you're responsible if your credentials are misused. Aggregator breaches almost always end with the user holding the bag, because technically you handed the credentials over voluntarily.

Two: the aggregator now has a complete read of your financial life. Some sell aggregated data to advertisers and lenders. The legal language allows it. The privacy policy you didn't read allows it. You allowed it when you typed your password.

Three: when you stop using the app, the aggregator doesn't always stop logging in. Disconnections fail silently. The long tail of "stopped using the app years ago but credentials are still being used to scrape my data daily" is bigger than anyone wants to admit.
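A defender's check for the "every few hours, on a schedule you can't see" pattern and for disconnections that fail silently, as an added example that is not Marvin's code: it flags login sources whose gaps are nearly constant and reports which of them kept logging in after you revoked access. The `timestamp,source` export format, the source labels and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def parse(lines):
    """Group login timestamps by source; expects 'ISO-8601 timestamp,source' lines."""
    by_source = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, source = line.split(",", 1)
        by_source[source.strip()].append(datetime.fromisoformat(ts.strip()))
    return by_source

def scheduled_sources(lines, min_logins=5, max_jitter=0.10):
    """Return {source: (mean_gap_hours, last_seen)} for sources that log in on a timer.

    A source counts as scheduled when the gaps between its logins are nearly
    constant: stdev / mean of the gaps (coefficient of variation) <= max_jitter.
    """
    flagged = {}
    for source, stamps in parse(lines).items():
        stamps.sort()
        if len(stamps) < min_logins:
            continue  # too few events to call it a schedule
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[source] = (round(avg / 3600, 1), stamps[-1])
    return flagged

def still_running_after(lines, disconnected_at):
    """Scheduled sources whose last login is later than the date access was revoked."""
    return sorted(src for src, (_, last) in scheduled_sources(lines).items()
                  if last > disconnected_at)

# Constructed sample: one source on a ~6-hour timer, one person logging in irregularly.
_start = datetime(2024, 3, 1, 0, 2)
SAMPLE = [f"{(_start + timedelta(hours=6 * i, minutes=i % 3)).isoformat()},aggregator-ip-range"
          for i in range(12)]
SAMPLE += [f"2024-03-{d:02d}T{h:02d}:15:00,home-browser"
           for d, h in [(1, 8), (1, 21), (3, 12), (4, 7), (9, 19)]]

if __name__ == "__main__":
    print(scheduled_sources(SAMPLE))
    print(still_running_after(SAMPLE, datetime(2024, 3, 2)))
```

The jitter threshold is deliberately tight; a scraper that randomises its schedule would need a looser value and more history.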

The honest version

We're not pretending Marvin's intake is more convenient. It's not. A one-tap bank connection wins on speed, full stop.

What we're saying is: we think the convenience is worth less than what it costs. We think you'd rather spend 90 seconds a week putting your own data into a tool you trust than spend years not knowing exactly what's being read from your account, by whom, and where it's going.

If we're right, you'll like Marvin. If we're wrong, there are a dozen apps that'll do the easy thing, and we wish you well using them.

Either way — that's why we don't ask for your bank login. And why we never will.


More on how we handle data — encryption at rest, deletion guarantees, and a list of things we explicitly never do — on our privacy page.