Security & Privacy
Bank-grade security for bank statements.
We handle the most sensitive document in your company. Here's exactly how.
Encrypted end-to-end
TLS 1.3 in transit. AES-256-GCM at rest with per-tenant keys rotated every 90 days.
24h auto-delete
Uploaded PDFs and generated files are permanently deleted within 24 hours of processing.
SOC 2 aligned
Controls modeled on SOC 2 Type II. Report available under NDA on Business & Enterprise plans.
Zero training
We never use customer data to train or fine-tune extraction models. Ever.
GDPR & CCPA ready
EU/US data residency options. DPA available on request. Standard Contractual Clauses in place.
Self-hosted option
Enterprise customers can deploy Statementify in their own VPC — nothing leaves your network.
Have a security questionnaire?
Email security@statementify.co — we usually turn responses around within one business day.