Security

At BankStatement.to, we take the security of your data seriously. Bank statements contain sensitive financial information, and protecting that data is a core part of how we design, build, and operate our service.

This page outlines how we handle security, data protection, and privacy.


High-level approach

We follow a few simple principles:

  • Only collect what we need to provide the service
  • Protect data in transit and at rest using industry-standard controls
  • Limit access to systems and data
  • Delete data as soon as it’s no longer needed

Security is not a single feature—it’s part of our day-to-day engineering and operations.


Data handling & storage

Uploaded files

  • Bank statements are uploaded over encrypted connections (HTTPS/TLS).
  • Files are processed automatically by our extraction pipeline.
  • We do not sell, share, or use your data for training models.

Retention

  • Uploaded files and extracted data are stored only for as long as necessary to provide the service.
  • Temporary files are automatically deleted after processing or after a short retention window.
  • You can delete your files and results manually at any time from the app.

Encryption

  • In transit: All traffic is encrypted using HTTPS/TLS.
  • At rest: Data is stored using encrypted storage provided by our infrastructure providers.

Access control

  • Access to production systems is restricted to authorised personnel only.
  • The principle of least privilege is applied.
  • Administrative access is logged and monitored.

Infrastructure & hosting

  • BankStatement.to runs on reputable, security-focused cloud infrastructure.
  • We rely on managed services where possible to reduce risk and surface area.
  • Systems are kept up to date with security patches and dependency updates.

Payments

  • We do not store credit or debit card details.
  • Payments are handled by trusted third-party payment processors who are PCI-DSS compliant.
  • We only store the minimum metadata required to manage subscriptions and billing.

Vulnerability management

  • Dependencies are monitored for known vulnerabilities.
  • We regularly review and improve our security posture as the product evolves.
  • If you believe you’ve found a security issue, please see the Responsible Disclosure section below.

Responsible disclosure

If you discover a potential security vulnerability, please report it responsibly by emailing:

[email protected]

Please include:

  • A clear description of the issue
  • Steps to reproduce (if applicable)
  • Any relevant screenshots or logs

We will acknowledge reports promptly and work to resolve verified issues as quickly as possible.


Company

BankStatement.to is developed and maintained by Moya Labs Ltd.
We build serious software that’s seriously good—and security is a non-negotiable part of that.


Questions?

If you have questions about security, data handling, or compliance, contact us at:

[email protected]