Security
Security Overview
Updated: June 25, 2026
1. Encryption
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data stored in our database and object storage is encrypted at rest using AES-256-class encryption provided by our infrastructure platform. API keys and secrets are stored as hashed values, never in plaintext.
2. Data in the processing pipeline
Every uploaded document moves through a defined processing pipeline. At each stage, data is handled as follows:
- Upload (TLS): Your PDF is received over an encrypted HTTPS connection. It is stored in our PostgreSQL database in an encrypted-at-rest state.
- Queue (in-memory): The file is queued for processing via Redis. Queue entries are ephemeral and cleared after the job completes.
- Worker processing (isolated): A temporary decrypted copy of the PDF is written to a worker filesystem, processed, and immediately deleted after conversion completes.
- AI providers (TLS): Only extracted text content is sent to AI providers (DeepInfra for LLM, Mistral AI for OCR) over HTTPS. We never send raw uploaded PDFs to LLM providers — only the text extracted from each page.
- Output storage (encrypted): Generated JSON, CSV, and Excel files are stored in the database alongside the original PDF, encrypted at rest, for up to 24 hours.
- Automatic deletion: After 24 hours, documents and outputs are permanently deleted by an automated cleanup process. No soft-delete or backup retention extends beyond this window.
3. Retention
We retain data according to a strict schedule:
- Uploaded PDFs and outputs: Up to 24 hours, then permanently deleted.
- Account data: Retained while your account is active. Deleted upon account closure or within a reasonable period thereafter.
- Anonymous quality metrics: Permanently retained, but contains zero personal data — no account numbers, names, descriptions, or file names.
4. Human access
Human review is not part of normal product operation. We do not provide routine human access to uploaded documents. Authorized personnel may access production systems only when necessary for:
- Maintenance and incident response
- Abuse prevention and investigation
- Legal compliance and lawful requests
All production access is logged and auditable.
5. AI processing
The service uses two AI providers, each with specific data handling:
- DeepInfra (DeepSeek-V4-Flash): Receives extracted statement text for transaction normalization, merchant classification, and bank detection. We send the minimum text needed to perform each task — typically a few thousand characters per page batch. No raw PDFs are sent.
- Mistral AI (mistral-ocr-latest): Receives the full PDF for optical character recognition, but only for scanned pages that cannot be read natively. Digital PDFs never touch Mistral.
Third-party AI processing is an intentional, disclosed part of the product. Full details are available in our Privacy Policy and DPA materials. We do not train our own AI models on customer data.
6. Quality-assurance analytics
After each conversion, we permanently store anonymized metrics (page count, transaction count, processing speed, detected bank name, balance consistency flag) to monitor service quality and detect regressions. This data contains zero personally identifiable information — it cannot be linked back to you, your file, or your account. We publish aggregate statistics from this data on our public landing page to demonstrate transparency about our accuracy and reliability.
7. Compliance posture
We implement practical security best practices based on standard industry guidelines. We are not currently claiming certifications such as SOC 2, ISO 27001, or PCI DSS on this page. As the service grows, we will evaluate formal certification programs that align with our customers' requirements.