Your statements, vaulted.
Bank statements contain sensitive financial detail. Here's exactly how we handle them.
All traffic is encrypted with TLS 1.3. PDFs are processed in memory and never written to disk. The parsed transaction data retained in your account is encrypted at rest with AES-256.
Statements are sent to Google Document AI for text extraction under an enterprise data agreement with no retention rights. Our reconciliation engine then processes the output inside ephemeral Cloudflare Worker instances that are destroyed after each request.
Row-level security ensures users can only see their own statements. Service-role keys never leave the server.
Original PDFs are never written to any database or disk. They are processed in memory and deleted immediately after parsing completes. The only data retained in your account is the parsed export you choose to download.
Email + password and Google OAuth, backed by industry-standard JWT sessions with refresh rotation.
Infrastructure is hosted on SOC 2 Type II audited platforms. SOC 2 attestation for stmtly is in progress.
