API security · private pilot
Review the data path before production statements enter it.
This page separates controls used by the current conversion service from API-specific controls that must be accepted and documented for each pilot. It is not a certification or an absolute security guarantee.
Current service controls
Evidence-backed controls already used by BankScanPro.
Encrypted transport and storage
The current conversion service uses encrypted transport and encrypted-at-rest Cloudflare storage for source and result artifacts.
Purpose-limited document use
Statement files are used to deliver the conversion. They are not used for marketing analytics, financial profiling, resale, or model training.
Financial data stays out of analytics
Product events measure workflow state and volume buckets without filenames, account numbers, balances, payees, or raw transaction text.
Data flow
Five boundaries every pilot must understand.
- 01
Request
Your server sends a PDF and non-sensitive request metadata over encrypted transport.
- 02
Source storage
The source artifact is stored under a non-public object key for the conversion lifecycle.
- 03
Asynchronous processing
Queue and processing components create a source-grounded result and validation envelope.
- 04
Result delivery
Your server retrieves the result or receives a signed terminal-status notification.
- 05
Retention and deletion
Artifacts follow the published privacy policy and the additional terms agreed for the pilot.
Required before production access
API controls are acceptance gates, not landing-page promises.
A qualified pilot records ownership, verification, fallback, retention, and incident contacts before credentials are used with production financial documents.
Scoped API credentials
The v1 contract uses server-side bearer credentials. Key issuance, rotation, revocation, and environment separation must pass pilot acceptance before production access.
Signed webhook delivery
Webhook consumers verify a timestamped signature and reject replayed or stale deliveries. Polling remains available as a recovery path.
Agreed retention and deletion
The pilot agreement documents source-file retention, result availability, deletion requests, and any customer-specific retention requirement.
What we need from pilot customers
- Keep API credentials on trusted server infrastructure.
- Do not place statement contents or client identifiers in idempotency keys, log labels, or analytics fields.
- Verify webhook signatures and design a polling recovery path.
- Define who can review `partial` and `needs_review` results.
- Provide a security and deletion contact for the pilot.
Materials available during qualification
- Data-flow and subprocessor discussion.
- DPA review for eligible commercial pilots.
- Authentication and webhook verification contract.
- Retention and deletion requirements worksheet.
- Acceptance corpus and result-review plan.
Scope security before sending sample statements.
Tell us about your retention, DPA, logging, and review requirements in the pilot application.