Security
When you process client bank statements, you need to know exactly how that data is stored, who can access it, and when it is deleted. Here is the full picture.
All data transferred between your browser and our servers is encrypted using TLS 1.2 or higher. No unencrypted connections are accepted.
Uploaded files and extracted transaction data are stored using AES-256 encryption in Supabase Storage. Your documents are never stored in plain text.
A scheduled job permanently deletes uploaded PDFs within 24 hours of upload. No manual action required — the files are gone automatically.
Supabase row-level security (RLS) policies ensure that users can only read and write their own data. Database rows are invisible to other accounts.
We do not sell, rent, or share your financial data or extracted transactions with any third party for advertising, analytics, or any other purpose.
Document previews use signed, time-limited URLs that expire after one hour. Even if a URL is shared, it cannot be used after expiry.
We retain different types of data for different periods. The table below is the complete picture — no hidden retention.
You can also delete statements and their files manually at any time from your dashboard. Manual deletion is immediate and permanent.
The following third-party services process data on our behalf. Each is contractually obligated to protect your data and may only use it to deliver their service to us.
Documentric is not currently SOC 2 certified. Our infrastructure runs on Supabase (SOC 2 Type II certified) and Vercel. We follow security best practices including encryption at rest and in transit, row-level security, and automated file deletion. Enterprise customers can request our security documentation.
Yes. We follow GDPR principles of data minimisation and storage limitation. Uploaded files are automatically deleted within 24 hours. Users can request deletion of their account and all associated data at any time. See our Privacy Policy at /privacy for full details.
Yes. You can delete any statement and its associated files manually from your dashboard at any time. Manual deletion is immediate and permanent. The 24-hour automatic deletion is a safety net, not a minimum retention period.
We share data only with the sub-processors listed on this page (Supabase, LlamaParse, Vercel) — and only to the extent necessary to deliver the service. We never sell data, share it with advertisers, or use it for any purpose beyond operating Documentric.
All data in transit is encrypted with TLS 1.2 or higher. Data at rest (files and database rows) is encrypted using AES-256 in Supabase Storage. Document preview URLs are signed and expire after one hour.
For the full legal picture, read our Privacy Policy. Privacy or data requests can be sent to privacy@documentric.com.