Skip to main content

API security · private pilot

Review the data path before production statements enter it.

This page separates controls used by the current conversion service from API-specific controls that must be accepted and documented for each pilot. It is not a certification or an absolute security guarantee.

Current service controls

Evidence-backed controls already used by BankScanPro.

Encrypted transport and storage

The current conversion service uses encrypted transport and encrypted-at-rest Cloudflare storage for source and result artifacts.

Purpose-limited document use

Statement files are used to deliver the conversion. They are not used for marketing analytics, financial profiling, resale, or model training.

Financial data stays out of analytics

Product events measure workflow state and volume buckets without filenames, account numbers, balances, payees, or raw transaction text.

Data flow

Five boundaries every pilot must understand.

  1. 01

    Request

    Your server sends a PDF and non-sensitive request metadata over encrypted transport.

  2. 02

    Source storage

    The source artifact is stored under a non-public object key for the conversion lifecycle.

  3. 03

    Asynchronous processing

    Queue and processing components create a source-grounded result and validation envelope.

  4. 04

    Result delivery

    Your server retrieves the result or receives a signed terminal-status notification.

  5. 05

    Retention and deletion

    Artifacts follow the published privacy policy and the additional terms agreed for the pilot.

Required before production access

API controls are acceptance gates, not landing-page promises.

A qualified pilot records ownership, verification, fallback, retention, and incident contacts before credentials are used with production financial documents.

Scoped API credentials

The v1 contract uses server-side bearer credentials. Key issuance, rotation, revocation, and environment separation must pass pilot acceptance before production access.

Signed webhook delivery

Webhook consumers verify a timestamped signature and reject replayed or stale deliveries. Polling remains available as a recovery path.

Agreed retention and deletion

The pilot agreement documents source-file retention, result availability, deletion requests, and any customer-specific retention requirement.

What we need from pilot customers

  • Keep API credentials on trusted server infrastructure.
  • Do not place statement contents or client identifiers in idempotency keys, log labels, or analytics fields.
  • Verify webhook signatures and design a polling recovery path.
  • Define who can review `partial` and `needs_review` results.
  • Provide a security and deletion contact for the pilot.

Materials available during qualification

  • Data-flow and subprocessor discussion.
  • DPA review for eligible commercial pilots.
  • Authentication and webhook verification contract.
  • Retention and deletion requirements worksheet.
  • Acceptance corpus and result-review plan.

Scope security before sending sample statements.

Tell us about your retention, DPA, logging, and review requirements in the pilot application.

Apply for API Pilot →Sample JSON