Home » Security

Security

Bank statements are sensitive. Here is exactly what happens to yours.

The one-line summary: your PDF travels over TLS. We process it in memory and by default keep a copy for 24h in an encrypted on-disk vault for debugging extraction failures, then it auto-deletes. Opt out in extension Settings and the file is never written to disk at all. Full retention details.

Data in transit

All traffic to the Bank2XL API uses TLS 1.2 or 1.3 (HTTPS).
Certificate provisioning and TLS termination are managed by Cloudflare; we don't operate our own private keys at the edge.
The Chrome extension only talks to https://api.bank2xl.app. It declares no other host permissions.

Data at rest

By default, your uploaded PDF auto-deletes after 24 hours. The API receives the upload in a request body, holds the bytes in memory for conversion, and writes a single copy to an encrypted on-disk debug vault (root-only, mode 0700, per-file mode 0600, no backups, no replication). An hourly sweeper deletes anything older than 24h. Opt out in extension Settings and the upload is held in memory only. The disk write is skipped.
We return generated Excel and CSV files directly to your browser. We don't keep a server-side "history" tied to your statement content.
No account database during the beta. Bank2XL is free without signup, so we don’t keep an accounts table, email list, or Stripe customer records. Once paid plans launch, account metadata (email + Stripe customer ID) will live in a TLS-protected Postgres instance. We'll update this page before that happens.

AI providers

We use third-party models for OCR and extraction. We pick providers whose terms forbid training on customer content:

Provider	Role	Retention
OpenRouter	LLM gateway	Passes content to upstream; we route via OpenRouter's Zero Data Retention tier for providers that honour it.
Google Gemini (via OpenRouter)	Vision extraction	Per Gemini API additional terms: paid-tier inputs and outputs are not used to improve Google products.
Datalab (Chandra OCR)	OCR for scanned PDFs	Per Datalab's privacy policy: zero data retention on the managed platform for API customers; no training on customer content.

What we log

We record service-health and abuse-prevention telemetry only. We never log file content.

Timestamps of conversions
Page counts and file sizes
Success / failure status and reconciliation status
Truncated IP (first three octets, last masked) for rate-limiting

Chrome extension permissions

Permission	Why
`storage`	Remember settings, the free-tier counter, and the last 5 recent conversion records (job IDs only) on your device.
`downloads`	Save the converted Excel to your Downloads folder.
Host: `https://api.bank2xl.app/*`	The only network destination the extension is allowed to contact.

The extension does NOT request access to your browsing history, any banking websites, or "all sites". It only acts on files you explicitly hand it.

Operational security

Two-factor authentication on all production accounts.
We keep production secrets in environment variables, never in source control.
Service worker code is open for inspection: download the extension and read background.js. It's unobfuscated vanilla JS.

What we can't promise

We use standard practices, but no system is unbreakable. If your statement is so sensitive that you wouldn't upload it to any cloud SaaS, please don't upload it to Bank2XL either. If you're a regulated entity (financial advisor, healthcare org with statements containing PHI, etc.) we're happy to discuss an on-premise build. Reach out at security@bank2xl.app.

Reporting a vulnerability

Email security@bank2xl.app. We respond within 72 hours. We do not yet have a formal bug bounty program, but we appreciate disclosure and will credit you publicly with your permission.

Join the waitlist Retention policy Privacy Policy