Security Overview

1. Encryption

Parse My Statement is designed to use TLS for data in transit and encrypted infrastructure for stored data. Where provided by the hosting platform, stored data is expected to be protected with AES-256-class encryption at rest.

2. Retention

Uploaded PDFs and generated outputs may be stored for up to 24 hours to support processing and user downloads. They are then scheduled for automatic deletion.

3. Human access

Human review is not part of normal product operation. We do not provide routine human access to uploaded documents, although authorized personnel may access production systems when necessary for maintenance, abuse prevention, legal compliance, or incident response.

4. AI processing

Scanned pages may be processed by Mistral OCR and extracted statement text may be processed by OpenAI for normalization. Third-party AI processing is an intentional part of the product and is disclosed in the Privacy Policy and DPA materials.

5. Compliance posture

We implement practical security best practices, but we are not currently claiming certifications such as SOC 2, ISO 27001, or PCI DSS on this page.