Security You Can Trust
We built Statement Pro with security-first principles. Your financial data is protected at every stage of the conversion process.
Data Handling Practices
Automatic File Deletion
All uploaded PDF files and generated output files are automatically deleted within 24 hours of processing. We do not retain your documents beyond what is needed to complete the conversion.
No Transaction Data Logging
We never log your financial transactions, account numbers, balances, or any personally identifiable financial information. Application logs are explicitly scrubbed of PII.
Minimal Data Retention
We store your email address, subscription status, and usage metrics (page counts). Uploaded files and generated exports are auto-deleted within 24 hours. When AI processing is used, statement text is sent to our AI provider (Anthropic) subject to their data retention policy.
Encryption
HTTPS Encryption in Transit
All communication between your browser and Statement Pro is encrypted using HTTPS/TLS. Your uploaded files and downloaded results travel over encrypted connections at all times.
Secure Payment Processing
All payments are processed by Stripe, a PCI-DSS Level 1 certified payment processor. We never see or store your credit card numbers.
File Lifecycle
Upload
PDF uploaded over encrypted HTTPS connection
Download
Clean output file available for download
Auto-Delete
All files automatically purged within 24 hours
Access Controls
Email-Based Authentication
All accounts use email-based authentication. We support Google and Microsoft social login for convenient, secure access. Two-factor authentication (TOTP) is available for additional protection.
Per-User Data Isolation
Each user can only access their own uploaded files, conversion jobs, and results. There is no shared access between accounts.
Data Privacy Commitments
- We do not sell your data to third parties, ever.
- Your financial documents are not shared with any third party beyond what is necessary for processing. Some statements are processed using Anthropic's AI (see AI Processing below).
- We do not use your statement data for training or analytics. Anthropic's commercial API policy states they do not use API data for model training.
- Accounting integrations (QuickBooks, Xero) use OAuth 2.0 and only transmit data when you explicitly initiate a send.
- You can request deletion of your account and all associated data at any time by contacting support.
AI Processing
Statement Pro uses a combination of dedicated rule-based parsers and AI-powered extraction to convert your bank statements. Here is how AI processing works and what it means for your data.
When AI Is Used
When we have a dedicated parser for your bank, transactions are extracted locally using rule-based logic. For unrecognized banks, or to verify parser accuracy, statement text may be sent to Anthropic's Claude API for AI-powered extraction.
What Data Is Sent
When AI processing is used, the text content of your bank statement (including transaction dates, descriptions, and amounts) is sent to Anthropic's API over an encrypted HTTPS connection. The original PDF file is not sent.
Anthropic's Data Handling
Anthropic's commercial API policy states they do not use API inputs to train their models. Anthropic may retain API inputs for up to 30 days for trust and safety purposes. Zero Data Retention (ZDR) arrangements are available for enterprise customers. See Anthropic's privacy policy for full details.
How to Know
After conversion, your job detail page shows whether the statement was processed using a dedicated parser or AI extraction. Jobs using AI are labeled "AI-Assisted" or "AI-Verified."
Questions About Security?
We are happy to answer any questions about how we handle your data. Reach out to our team.
Contact UsOr email us directly at [email protected]