How we protect your bank statement PDFs.
Concrete answers about how Sortlumo stores, processes, and protects the financial data you upload — written in plain English, not legalese.
Four things we won't compromise on.
We never connect to your bank
Sortlumo has no integration with Plaid, MX, Yodlee, or any other bank aggregator. There is no field anywhere in the product for banking credentials. The only way data gets in is a PDF you upload.
Your PDFs live in your account, not a shared pool
Uploaded statements are stored against your user ID in encrypted storage. They are never used to train models, never aggregated with other users' data, never sold, and never shared.
Categorization runs server-side, results stay yours
When we categorize transactions, the model inference happens on our servers under our own keys. Results write back to your account only. No third-party analytics service receives your transaction-level data.
Export and delete at any time
Every plan ships Excel export. You can delete any statement, every statement, or your entire account from the dashboard at any moment, and the underlying files are removed from object storage within 24 hours.
Three layers, plainly explained.
TLS 1.3 between you and Sortlumo. HSTS enforced. Modern cipher suites only.
PDFs and parsed transactions encrypted in the database with AES-256. Encryption keys are scoped per environment and rotated annually.
Sessions are stateless JWTs signed with HS256. Cookies are httpOnly, Secure, SameSite=Lax. Sign-in requires email + password and supports TOTP-based 2FA.
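A way to check the HSTS, cookie-flag and HS256 settings listed above from a captured sign-in response. This is an added example, not Sortlumo's code: the cookie name `session`, the header values and the tokens are constructed assumptions, and the check reads only response headers, so it does not test the TLS version or verify the JWT signature.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_alg(token: str) -> str:
    """Read alg from a JWT header; this does not verify the signature."""
    seg = token.split(".")[0]
    seg += "=" * (-len(seg) % 4)  # restore stripped base64url padding
    try:
        return json.loads(base64.urlsafe_b64decode(seg)).get("alg", "")
    except (ValueError, AttributeError):
        return ""

def audit(headers: dict, cookie_name: str = "session") -> list:
    """List where a response differs from the settings stated on the page."""
    findings = []
    hsts = headers.get("Strict-Transport-Security", "")
    ages = [d.split("=", 1)[1].strip().strip('"') for d in hsts.lower().split(";")
            if d.strip().startswith("max-age=")]
    if not ages or not ages[0].isdigit() or int(ages[0]) == 0:
        findings.append("HSTS missing or disabled")
    parts = [p.strip() for p in headers.get("Set-Cookie", "").split(";")]
    name, _, value = parts[0].partition("=")
    if name != cookie_name:  # "session" is a hypothetical cookie name
        return findings + ["session cookie not set"]
    attrs = {k.lower(): v for k, _, v in (p.partition("=") for p in parts[1:])}
    if "httponly" not in attrs:
        findings.append("cookie lacks HttpOnly")
    if "secure" not in attrs:
        findings.append("cookie lacks Secure")
    if attrs.get("samesite", "").lower() != "lax":
        findings.append("SameSite is not Lax")
    if jwt_alg(value) != "HS256":
        findings.append("JWT alg is not HS256")
    return findings

# Constructed sample responses; the tokens carry filler, not real signatures.
TOKEN = ".".join([b64url(b'{"alg":"HS256","typ":"JWT"}'), b64url(b'{"sub":"u1"}'), "sig"])
GOOD = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Set-Cookie": f"session={TOKEN}; Path=/; HttpOnly; Secure; SameSite=Lax"}
NONE_TOKEN = ".".join([b64url(b'{"alg":"none"}'), b64url(b'{"sub":"u1"}'), ""])
WEAK = {"Set-Cookie": f"session={NONE_TOKEN}; Path=/; SameSite=None"}

if __name__ == "__main__":
    print(audit(GOOD), audit(WEAK), sep="\n")
```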
Every vendor that touches data.
We list every third party that processes any data on behalf of Sortlumo. We update this list whenever it changes; we don't quietly swap vendors.
| Vendor | Purpose | Data shared |
|---|---|---|
| Cloudflare | DNS, TLS, edge caching for marketing pages | Standard HTTP request metadata |
| Stripe | Subscription billing | Email, plan, payment method (held by Stripe, not by us) |
| Resend | Transactional email | Your email address, the contents of receipts and security notices |
| Anthropic & Google Gemini | Categorization model inference | Anonymized transaction descriptions and amounts. No account number, no statement metadata, no user identifier |
Common security questions.
Do you read my PDFs to train AI models?
No. We use commercial AI APIs (Anthropic and Google Gemini) for transaction categorization only, and we send anonymized transaction strings — not your name, account number, or statement file. Both providers contractually agree not to train on data sent through their APIs.
How long do you keep my statements?
Until you delete them. We don't run any automatic deletion. When you delete a statement (or close your account), the PDF is removed from object storage within 24 hours and from backups within 30 days.
Can law enforcement get my data?
We comply with valid US legal process. We will notify you of any request unless legally prohibited from doing so. Since we don't have your banking credentials and we only store what you uploaded, the surface area is limited to that.
What happens if I forget my password?
You can reset it via the link on /signin. We send a single-use reset link to your verified email. PDFs and categorized data stay encrypted — we cannot read your transactions for support purposes either.
Found a security issue? Email [email protected]. We respond within one business day.