Remti is an Open Banking orchestrator, not a custodian. We never take possession of your funds — every payment is authorised by you, executed by your bank.
Every payment is a direct instruction from your bank account to your supplier's bank account. Remti orchestrates the handshake — we never hold, route, or process funds.
AES-256 at rest, TLS 1.3 in transit. Bank credentials never touch our servers — authorisation stays in your bank's app.
We work exclusively with FCA-authorised EMIs. Every payment is PSD2-compliant with strong customer authentication.
Immutable log of who did what, when. Exportable for your auditor, retained for 7 years on enterprise plans.
Every payment above your threshold requires a second factor: your bank's app, TOTP, or hardware key.
We check account holder names against sort codes before every payment. Misnamed beneficiary? Flagged before send.
Granular permissions by role. Delete your data any time — we honour erasure within 30 days under UK GDPR.
Annual audit · Report on request
Certified 2024 · BSI
ICO registered · DPA signed on request
Strong customer auth · all payments
AWS London (eu-west-2) primary, Dublin failover. Data never leaves UK/EU without your consent.
Every 15 minutes, encrypted, retained 90 days. RPO 15 min, RTO 4 hrs.
Admin, Manager, Assistant, Read-only. Scoped by entity, supplier category, or amount.
Okta, Google Workspace, Azure AD. Auto-deprovision on leaver events.
Export every invoice, payment, and approval to CSV, JSON, or PDF. Your data is never locked in.
Public program. We pay bounties up to £10,000 for responsibly-disclosed issues.