Security & Privacy

Bank statements contain sensitive financial information. This page explains the controls BankPDFExcel is designed around and the deployment choices you should make before going live.

Encrypted in transit

All browser-to-server traffic should be served over HTTPS in production. Uploaded statements are transmitted only for the conversion request.

No document storage by default

PDF files are processed in memory for extraction and export. The application does not intentionally persist uploaded bank statement PDFs.

No training on customer files

Uploaded statements are used only to provide the conversion result. They are not used to train public AI models.

Controlled service providers

Conversions may use OCR and LLM providers configured by the deployment owner. Choose providers and regions that match your compliance needs.

Production checklist

Deploy behind HTTPS with secure cookies enabled.
Use a persistent database and restrict database access.
Configure OCR/LLM providers with appropriate data retention terms.
Keep API keys and webhook secrets in environment variables only.
Review generated spreadsheets before importing into accounting systems.