Bank statements are sensitive by definition, so the file-handling rules are strict and simple.
While converting
Uploads travel over HTTPS and are stored encrypted at rest, in a private bucket, only for as long as extraction takes. Statement contents are processed by automated systems — no person reads your data.
The moment conversion finishes
The original PDF is deleted immediately — success or failure, the source file never outlives the processing step. This isn't a scheduled cleanup that runs later; it happens as the conversion completes.
Extracted rows
The transaction rows and your exports live on your team's retention schedule — from 30 minutes to 30 days, your choice (how retention works). After expiry, the rows are gone and only the metadata line in your history remains (file name, page count, status).
What we never do
Your statements are never used to train models, never shared, and never inspected by humans. Passwords for protected PDFs are used to open the file and are not stored.