Security & Privacy

Bank-grade security for bank statements.

We handle the most sensitive document in your company. Here's exactly how.

Encrypted end-to-end

TLS 1.3 in transit. AES-256-GCM at rest with per-tenant keys rotated every 90 days.

24h auto-delete

Uploaded PDFs and generated files are permanently deleted within 24 hours of processing.

SOC 2 aligned

Controls modeled on SOC 2 Type II. Report available under NDA on Business & Enterprise plans.

Zero training

We never use customer data to train or fine-tune extraction models. Ever.

GDPR & CCPA ready

EU/US data residency options. DPA available on request. Standard Contractual Clauses in place.

Self-hosted option

Enterprise customers can deploy Statementify in their own VPC — nothing leaves your network.

Have a security questionnaire?

Email security@statementify.co — we usually turn responses around within one business day.