Security & Data Protection

Your financial data security is our top priority. Learn about our comprehensive security measures.

Our Security Promise

Never Stored

Your bank statements are never saved to our servers

Always Encrypted

All data transmitted with TLS 1.3 encryption

No Human Access

Automated processing - staff never see your data

How We Protect Your Data

In-Memory Processing Only

When you upload a bank statement, it is processed entirely in the server's memory (RAM). We never write your statements to disk, databases, or any persistent storage. This means:

No traces of your statement remain on our servers
Data is automatically purged when processing completes
Memory is cleared immediately after conversion
Even in case of server failure, your data is not recoverable

End-to-End Encryption

All data transmitted between your browser and our servers is protected with industry-standard encryption:

TLS 1.3: The latest transport layer security protocol
256-bit AES encryption: Military-grade encryption standard
HTTPS-only: No unencrypted connections allowed
Perfect Forward Secrecy: Past communications cannot be decrypted even if keys are compromised

Zero Human Access

Your bank statements are processed by automated systems only:

No staff members have access to your uploaded files
AI-powered parsing runs automatically without human intervention
No logging of transaction details or account numbers
Only metadata (file size, conversion time) is tracked for system monitoring

Strict Access Controls

We implement multiple layers of access control and authentication:

Account Authentication: Secure login with email verification
Session Management: Automatic timeout after inactivity
API Security: Rate limiting and request validation
Infrastructure Access: Multi-factor authentication for all staff accounts

Infrastructure & Compliance

Hosting & Infrastructure

Vercel: Enterprise-grade hosting with global CDN
Supabase: PostgreSQL database with encryption at rest
DDoS Protection: Automatic mitigation of attacks
Redundancy: Multiple availability zones for high uptime

Compliance Standards

UK GDPR: Full compliance with UK data protection law
PCI DSS: Payment processing via Stripe (Level 1 PCI certified)
Data Protection Act 2018: UK data protection compliance
ISO 27001: Information security management

Payment Security

Stripe Payment Gateway: Industry-leading payment processor
PCI DSS Level 1: Highest level of payment security certification
No Card Storage: We never see or store your card details
3D Secure: Additional authentication layer for card payments

Monitoring & Response

24/7 Monitoring: Continuous system health and security monitoring
Intrusion Detection: Automated threat detection and response
Incident Response: Documented procedures for security events
Regular Audits: Security reviews and vulnerability assessments

What We Never Do

✗Store your bank statements on our servers

✗Share your data with third parties

✗Sell or monetize your financial information

✗Use your data for marketing purposes

✗Keep logs of account numbers or transactions

✗Allow staff access to your uploaded documents

Your Security Responsibilities

While we implement robust security measures, you also play a crucial role in protecting your account:

Use a strong password: At least 12 characters with mixed case, numbers, and symbols
Never share your password: Keep your login credentials confidential
Log out on shared devices: Always log out when using public computers
Keep your device secure: Use up-to-date antivirus software
Verify our website: Always check the URL is convertbank-statement.com
Report suspicious activity: Contact us immediately if you notice anything unusual

Security Questions or Concerns?

If you have security questions, discovered a vulnerability, or have concerns about your data, please contact our security team immediately.