Security & Privacy

Your bank statements contain sensitive financial data. Here's exactly how we handle it.

Zero storage by default

Your bank statement is processed entirely in memory. The PDF is parsed, transactions are extracted, and the result is returned to you — all in a single request. No files are saved to disk, no data is logged, no copies are retained. When the request completes, your financial data is gone from our servers.

The one exception is opt-in and explicit: if a conversion fails, you can choose to share a redacted, PII-free skeleton of the statement — layout only, with names, addresses, account/IBAN/card numbers, and real amounts stripped out — so we can add support for it. You see exactly what you'd share before deciding, nothing leaves your browser unless you click Share, and any shared skeleton is deleted within 30 days. Your original PDF is never stored.

HTTPS encryption

All connections use TLS 1.3 encryption via Cloudflare. Your PDF upload and the converted output are encrypted in transit. We enforce HSTS (HTTP Strict Transport Security) with a 2-year max-age and preload, so your browser will never accidentally connect over plain HTTP.

No AI, no third-party APIs

ConvertStatement uses rule-based parsers — deterministic code that runs entirely on our servers. Your bank data is never sent to OpenAI, Google, or any other third-party AI service. Unlike competitors who use AI-powered OCR, our approach means your financial data stays within a single, controlled environment.

Security headers & protections

We implement comprehensive HTTP security headers:

  • Content Security Policy (CSP) — prevents XSS attacks
  • HSTS with preload — enforces HTTPS
  • X-Frame-Options DENY — prevents clickjacking
  • Rate limiting — per-IP, per-route protection
  • Cloudflare DDoS protection — enterprise-grade edge security

Payments via Stripe

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We never see or store your credit card number. Stripe handles everything — subscription management, invoicing, and secure payment processing.

Questions?

If you have security concerns or questions about how we handle your data, contact us at [email protected]