StmtPilot logoStmtPilot
  • Features
  • Convert
  • Pricing
StmtPilot logoStmtPilot

Review-first bank statement conversion for accountants, bookkeepers, and finance teams.

Product
  • Features
  • Pricing
  • Product Facts
  • FAQ
Resources
    Company
    • About
    • Contact
    Legal
    • Cookie Policy
    • Privacy Policy
    • Security Policy
    • Terms of Service
    © 2026 StmtPilot. All Rights Reserved.

    Security Policy

    How StmtPilot approaches data protection, access control, and vulnerability reporting

    2026/03/29

    Overview

    StmtPilot is designed for sensitive bank statement conversion workflows. This page describes the security practices we currently use to protect uploaded files, extracted rows, exports, and supporting systems.

    Security Principles

    We aim to keep the product simple, short-lived, and tightly scoped:

    • keep statement data retained for the shortest practical time,
    • restrict access to systems and stored files,
    • separate operational environments where practical,
    • log and investigate security-relevant failures and abuse.

    Data Protection

    We use reasonable technical and organizational safeguards intended to protect statement conversion data in transit and at rest. This may include encrypted transport, managed infrastructure controls, short-lived session access, and internal access restrictions.

    Access Controls

    Access to production systems and statement-related data is limited to the extent reasonably necessary to operate, maintain, and secure the service. We use account-based access controls and attempt to limit privileged access to authorized personnel and service providers.

    File Retention

    StmtPilot relies on short retention windows as part of its security model:

    • raw uploaded PDFs are intended to expire quickly,
    • generated exports and anonymous session data are also short-lived,
    • cleanup jobs remove expired files and related records.

    Current operational retention defaults are described in our Privacy Policy.

    Shared Responsibility

    Security also depends on how you use the service. You are responsible for:

    • uploading only documents you are authorized to process,
    • safeguarding account credentials and session links,
    • reviewing outputs before relying on them,
    • reporting suspected misuse or exposure promptly.

    Vulnerability Reporting

    If you believe you have discovered a security issue affecting StmtPilot, please contact us with enough detail for us to investigate. Please do not access data that does not belong to you, disrupt the service, or publicly disclose unresolved issues before we have had a reasonable opportunity to respond.

    No Absolute Guarantee

    No service can guarantee absolute security. While we work to protect StmtPilot and the data processed through it, you acknowledge that all internet services carry some residual risk.

    Updates

    We may update this Security Policy as the product, infrastructure, or security practices evolve.