Security Brief

Your data is yours alone.

We process, we extract, we return — we don’t keep, don’t train, don’t share. The technical details below are specific, not marketing copy.

Encryption: AES-256
Transport: TLS 1.3
Infrastructure (Supabase): SOC 2 Type II
BOFFO SOC 2: In progress
Compliance: GDPR
AI extraction retention: 0 — Google ZDR
Source PDF retention: 7 yrs (on request: delete)

Data lifecycle

What happens to your PDF

Every upload moves through four stages. Each stage has a specific protection — and most end with deletion.

01 Upload
< 1 second

Encrypted in transit

Files travel over TLS 1.3. Certificates are pinned and HSTS is enforced across the domain. Upload URLs are single-use and expire.

Technical controls
  • TLS 1.3
  • HSTS preload
  • Single-use presigned URLs
02 Storage
< 2 minutes

Ephemeral and encrypted

PDFs land in an encrypted bucket with AES-256 at rest. They never touch our database. Access is restricted to the single extraction worker that will process them.

Technical controls
  • AES-256 at rest
  • Worker-scoped IAM
  • Isolated S3 bucket
03 Extraction
5 – 30 seconds

Processed and stored securely

The AI agent reads the document, extracts structured data (holdings, transactions, balances), and writes the result to your encrypted database row. The original PDF is retained in encrypted storage — not deleted — so we can re-verify extractions, power side-by-side source comparisons, and keep an auditable record of what the bank sent you.

Technical controls
  • Per-tenant isolation
  • Row-level security
  • Source PDF retained (encrypted)
04 At rest
7 years (client-requested deletion available)

Structured data + source PDFs

Your extracted data (holdings, values, dates) lives in an encrypted Postgres database with Row-Level Security. The source PDFs stay in encrypted object storage for the retention window — aligned with financial record-keeping requirements and your right to verify any number against the original bank document. You can request deletion of source PDFs at any time; extracted data remains until you delete the account.

Technical controls
  • Postgres RLS
  • AES-256 at rest
  • Right-to-delete on request

Our promises

What we will never do with your data.

We believe in stating the truth plainly — including where we do use your data. BOFFO retains source PDFs in encrypted storage so you can verify any number against the original bank document, and so our system keeps learning extraction patterns from anonymized corrections. We never train external models, sell your information, or read your statements without an audited reason — and you can request deletion of source files at any time.

Share your statements with external AI trainers

We use Gemini and Claude to read your PDFs — under zero-retention contracts that forbid using your data to train their models. We do learn extraction patterns internally (anonymized field-level hints, not statement contents) so accuracy improves for everyone over time.

Sell or share your data with third parties

No data brokers. No advertising partners. No affiliate arrangements. The only place your data goes is back to you, in the format you requested.

Store your bank credentials

We never ask for bank passwords. BOFFO works from PDFs you upload — it doesn’t touch your live bank account. If you use email forwarding, OAuth tokens are revocable and scope-limited.

Use PDFs for anything except serving you

We retain your source PDFs in encrypted storage — but only to power source-linked verification, audit trails, and re-extraction when accuracy improves. They are not shared, not trained on by external models, and never accessed without a logged reason. You can request deletion of source files at any time and the extracted data stays intact.

Read your data without permission

Engineers cannot view customer data without an explicit audit-logged reason. Row-Level Security in Postgres enforces this at the database layer — not just in application code.
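What a database-layer tenant boundary looks like in practice, as an added example that is not BOFFO's schema or code: a Postgres Row-Level Security policy keyed on a per-session tenant id. The table, column and role names and the `app.tenant_id` session setting are assumptions for illustration.

```sql
-- Added example (not BOFFO's schema): per-tenant isolation with Postgres RLS.
-- Assumes the application sets the authenticated caller's tenant id in the
-- session setting app.tenant_id; table, column and role names are hypothetical.

CREATE TABLE holdings (
    id          bigserial PRIMARY KEY,
    tenant_id   uuid NOT NULL,
    ticker      text NOT NULL,
    quantity    numeric NOT NULL,
    as_of       date NOT NULL
);

-- Enable RLS, and FORCE it so the table owner is also subject to the policies.
-- Without FORCE the owning role bypasses every policy (superusers always do),
-- which is exactly the "only enforced in application code" gap RLS is meant to close.
ALTER TABLE holdings ENABLE ROW LEVEL SECURITY;
ALTER TABLE holdings FORCE ROW LEVEL SECURITY;

-- The application connects as a non-owner role without the BYPASSRLS attribute.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON holdings TO app_user;

-- One policy covers reads (USING) and writes (WITH CHECK): a row is visible or
-- writable only when its tenant_id equals the tenant set for this session.
-- The second argument to current_setting() makes a missing setting return NULL,
-- so an unset tenant sees no rows rather than erroring or matching everything.
CREATE POLICY tenant_isolation ON holdings
    FOR ALL
    TO app_user
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- Per-request usage with constructed ids. SET LOCAL scopes the tenant to this
-- transaction, so it cannot leak to the next user of a pooled connection.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
SELECT ticker, quantity FROM holdings;           -- returns only this tenant's rows
INSERT INTO holdings (tenant_id, ticker, quantity, as_of)
    VALUES ('22222222-2222-2222-2222-222222222222', 'ACME', 10, '2024-01-31');
    -- rejected by WITH CHECK: a session cannot write rows for another tenant,
    -- and the error aborts the transaction
COMMIT;
```

Auditing the policy is as important as writing it: `\d+ holdings` in psql lists the active policies, and `pg_roles.rolbypassrls` shows which roles can still read across tenants.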

Lock you in

Every piece of your data is exportable as Excel, CSV, or JSON. Account deletion removes every row within 24 hours. No dark patterns.

Compliance

Certified, audited, accountable.

Our infrastructure runs on providers with verified compliance. We carry our own audits where it matters.

SOC 2 Type II

Infrastructure providers (Supabase, Vercel, Render) carry SOC 2 Type II certification. BOFFO’s own SOC 2 audit is in progress (2026).

GDPR

Full compliance with the EU General Data Protection Regulation. EU-based data subjects have the rights of access, rectification, erasure, and portability.

CCPA

California Consumer Privacy Act compliance. California residents can request disclosure and deletion of their data at any time.

ISO 27001

Infrastructure providers hold ISO 27001 certification for information security management. BOFFO follows the same practices internally.

If something goes wrong

Our incident response, in plain English.

Step 01: Detect (< 1h)
Automated monitoring and manual review

Step 02: Contain (< 4h)
Isolate affected systems, rotate credentials

Step 03: Notify (< 24h)
Email to every affected customer with specifics

Step 04: Report (< 72h)
Public post-mortem with root cause and remediation

Security contact

Report a vulnerability

Found a security issue? We want to know. Send details to security@boffofinance.com. We acknowledge within 24 hours and respond in good faith. Coordinated disclosure welcome.

security@boffofinance.com

Ready to start?

Security you can inspect.
Software you can trust.