Security & trust
Here's exactly what happens to your file, in plain language — no security-engineer jargon, no marketing fluff.
Is it safe to upload a bank statement here?
Here's the honest answer, mechanism by mechanism. Your file travels over an encrypted connection — HTTPS is forced, with HSTS so browsers never fall back to plain HTTP. The moment parsing completes, the uploaded file is deleted; the extracted numbers live in server memory only until you export them: five minutes after your first download, immediately if you click Clear, or sixty minutes at most — and only the browser session that uploaded a statement can see its results. Statement contents never touch a database or object storage. An account is optional and holds billing data only — your email, Stripe billing IDs, and a page count — never your statements. A password for an encrypted PDF is used in memory for that one conversion and is never stored or logged. Your statement's contents are never sent to a third-party API, we don't train any AI model on your files, and our automated test suite verifies all of this on every release — this page describes passing tests, not intentions.
What happens to your file
The moment we finish parsing your statement, the uploaded file is deleted from disk — not scheduled for deletion later, deleted in the same step that produces your result.
The numbers you see on screen stick around only long enough for you to export them: 5 minutes after your first download, immediately if you click Clear, or a hard 60-minute limit no matter what. If you close the tab mid-conversion, we also make a best-effort attempt to purge the job right then.
Your statement data lives in server memory and the operating system's temp folder — never in a database, never in object storage, nothing that survives a restart.
And it's visible only to you: just the browser session (or signed-in account) that uploaded a statement can check its progress, download its exports, or delete it. Anyone else who tries a job's address gets the same 404 as a job that never existed.
Our automated test suite checks that the files are actually gone at every one of these stages, on every release — this isn't a policy promise, it's a passing test.
Password-protected PDFs
If your PDF is encrypted, we ask for the password so we can open it. There's one honest exception to instant deletion: while we wait for you to enter or correct that password, the file stays on disk — still in its original encrypted form — for up to 10 minutes. After that, or as soon as the conversion finishes, it's purged like everything else.
The password itself travels over an encrypted connection and is handed to our parsing process through a private, in-process channel — never as a command-line argument, so it's never visible in a process list. It's used in memory for that one conversion, never written to disk, and never logged.
What we store
On the free tier: no sign-up, no email address. The only cookie we set is an anonymous usage-limit cookie: a random ID plus a cryptographic signature, checked in constant time so it can't be tampered with or guessed. It doesn't contain anything about you or your files — it just keeps track of how many pages you've converted today.
If you create an account (optional, for paid plans), we store exactly three things: your email address, your Stripe customer and subscription IDs, and a monthly page count. Card numbers stay with Stripe — we never see them. Your statements and their extracted numbers are never written to that database; the zero-retention lifecycle above applies to every conversion, signed in or not.
Encryption in transit
Every request to SoFlo360 Statements is forced onto HTTPS at the edge, and we send a Strict-Transport-Security header telling browsers to remember that and never fall back to plain HTTP.
What we don't do
We don't train any AI model on your files. Parsing happens entirely inside our own server process — your statement's contents are never sent to a third-party API.
Your files leave nothing at rest to encrypt: statements never reach a database or object storage, so there's no copy sitting around to protect. The only thing we hold at rest is the billing record described above. Our server instances scale to zero when idle and take every conversion with them.
And the part that matters most: every statement is reconciled against its own printed totals before you ever see an export button. Conversion errors can't hide behind a CSV that looks fine — if the numbers don't add up, we tell you before you download anything.
Last updated July 11, 2026.