Security at BankFlow

Your financial data is sensitive. BankFlow is built with security as a first principle, not an afterthought.

TLS 1.2+ in transit
AES-256 at rest
SOC 2 infrastructure
No third-party sharing

Encryption in transit

All communications between your browser and BankFlow's servers are encrypted using Transport Layer Security (TLS 1.2+). Every file upload, API request, and page load travels over an encrypted connection.

Encryption at rest

All stored data, including uploaded bank statements and extracted transaction records, is encrypted at rest using AES-256, the same encryption standard used by financial institutions globally.

Access controls

Access to production systems and customer data is restricted to authorized personnel only, on a need-to-know basis. All internal access is logged and audited.

Privacy-first architecture

BankFlow is designed to handle your data with minimum exposure:

  • Uploaded files are processed and not permanently stored beyond your account
  • We do not use your financial data for advertising or AI training
  • No third parties receive access to your documents or transactions

Infrastructure

BankFlow runs on enterprise-grade cloud infrastructure with redundancy, automated backups, and high-availability design. Our infrastructure providers maintain SOC 2 compliance and industry-standard security certifications.

Authentication

User authentication is handled by Clerk, a trusted identity provider with support for multi-factor authentication (MFA), secure session management, and OAuth sign-in via Google.

Data deletion

You have full control over your data. You can delete individual statements, all uploaded documents, or your entire account at any time from your Settings page. Deleted data is permanently removed.

Payment security

Payments are processed by Dodo Payments. BankFlow never stores your full payment card details. All billing data is handled by our payment provider, which is PCI-DSS compliant.

Responsible disclosure

If you discover a security vulnerability in BankFlow, please report it responsibly to security@bankflow.io. We take all security reports seriously and will investigate promptly.

Compliance

BankFlow processes data in accordance with applicable privacy regulations, including GDPR (for EU users) and applicable regional privacy laws. See our Privacy Policy for details on data processing.