Bank To LedgerBANKTOLEDGER

Security & Data Handling

You upload your clients' most sensitive financial documents. This page explains exactly what we do — and don't do — with them. No legal jargon, no vague promises.

Processed in Memory Only
1-Hour Auto-Delete
HTTPS in Transit
No Passwords Stored
No Data Selling
Metadata Only in Database

How Your File Is Processed

In server RAM only · Never written to disk
  • When you upload a PDF, it is received directly into server memory — it is never written to disk at any point.
  • To extract transactions, the PDF content is sent to Anthropic's Claude API (our AI provider). Anthropic processes your file under their own privacy policy and data handling terms.
  • Once extraction is complete, the raw file buffer is discarded immediately. The extracted rows are held in an in-memory store for up to one hour so you can download your output file.

What We Store in the Database

Metadata + 25-row preview
  • Our database records only metadata about each conversion: file name, bank name detected, upload mode, page count, row count, accuracy percentage, status, and timestamps.
  • A preview of up to 25 rows is saved alongside the metadata so your History page works after you have already downloaded the file.
  • No full transaction data, no raw account numbers, and no passwords are ever written to the database.

When Data Is Deleted

1-hour expiry · Manual delete available
  • Every conversion record — including its 25-row preview — is set to expire one hour after creation. A background job periodically removes expired records.
  • The in-memory extracted data (used to generate your download file) is also held for one hour and then automatically purged.
  • You can delete any conversion immediately from the Conversions page. This removes the database record and the in-memory blob at once.

Authentication

Passwords handled by Clerk only
  • Sign-in is handled entirely by Clerk, a third-party identity provider. We never receive, handle, or store your password.
  • Every API request is verified server-side using a signed token issued by Clerk. There is no way to access another user's conversions.
  • Each conversion is identified by a randomly generated UUID — there are no sequential IDs that could be guessed or enumerated.

What We Don't Do With Your Data

No selling · No AI training
  • We do not sell, rent, or share your financial data or your clients' data with any third party for commercial purposes.
  • We do not use your uploaded statements to train, fine-tune, or improve AI models — ours or anyone else's.
  • Our internal logs record conversion counts and page counts for billing purposes only. Financial amounts, account numbers, and transaction descriptions are never logged by us.

Third-Party Services That See Your Data

Anthropic · Clerk · Replit
  • Anthropic (Claude): the content of your PDF is sent to Anthropic's API to perform data extraction. Their data handling is governed by Anthropic's privacy policy and API usage terms.
  • Clerk: handles authentication. Clerk receives your email address and login credentials. Their data handling is governed by Clerk's privacy policy.
  • Our hosting infrastructure is provided by Replit. Server resources, including in-memory data during processing, run on Replit's platform.

Found a security issue?

Email us and we will look into it.

Bank-Grade Security • No Third-Party Data Selling • In-Memory Processing

Security Acknowledgments·Our Security Promises