Your financial documents deserve the highest level of protection. We built PaperVault with security as the foundation—not an afterthought.
We never ask for your bank login credentials. Unlike Mint, Monarch, Copilot, and other budget apps that require Plaid connections, PaperVault takes a fundamentally different approach.
Multiple layers of security work together to keep your documents safe.
All data transmitted between your device and our servers uses TLS 1.3 encryption—the same standard used by banks.
Your documents and data are encrypted using AES-256 encryption when stored, making them unreadable without proper keys.
Passwords are hashed using bcrypt with strong salt. We never store plaintext passwords. Optional 2FA adds another layer.
Database policies ensure users can only access their own data. Even in the event of a breach, data isolation is maintained.
All access to your data is logged and monitored for suspicious activity. You can review your account activity.
Hosted on AWS infrastructure with SOC 2 Type II certification. Regular security patches and updates are applied.
Documents are processed in isolated environments. Files are scanned for malware before processing.
Your documents are NOT used to train AI models. Processing happens in real-time without persistent storage in AI systems.
We partner with industry-leading providers who meet the highest security standards.
Database & Storage
Application Hosting
AI Processing
We adhere to industry standards and regulations to protect your data.
EU data protection compliance
California privacy compliance
Via our infrastructure partners
TLS 1.3 encryption everywhere
You maintain full control over your data at all times.
View and download all your data at any time through your account settings.
Export your documents and data in standard formats (CSV, PDF) anytime.
Request complete account and data deletion. We honor all requests within 30 days.
Security is an ongoing commitment, not a one-time effort.
We continuously update our dependencies and apply security patches. Our infrastructure is automatically updated with the latest security fixes.
We follow the principle of least privilege. Only essential personnel have access to production systems, and all access is logged and audited.
We have documented incident response procedures. In the unlikely event of a security incident, we will notify affected users promptly.
We perform regular security assessments and vulnerability scanning. Critical issues are addressed immediately upon discovery.
We take security seriously. If you discover a security vulnerability, please report it responsibly. We appreciate your help in keeping PaperVault secure.
security@papervault.one
Please include detailed information about the vulnerability. We will acknowledge receipt within 24 hours and provide updates on our investigation.
No, never. We never ask for or store bank login credentials. Unlike apps that use Plaid, we use a document-based approach where you upload statements rather than connecting accounts.
Access to customer data is strictly limited. Only essential personnel with legitimate business needs can access production data, and all access is logged. We do not review customer documents except when explicitly requested for support.
No. Your documents are processed by Anthropic's Claude API to extract financial data, but they are NOT used to train AI models. Anthropic's data processing agreement explicitly prohibits training on customer data.
All your data, including documents and extracted information, is permanently deleted within 30 days. Encrypted backups may persist for up to 90 days before automatic expiration.
Absolutely not. We do not sell, rent, or trade your personal information or document data. Your data is used solely to provide you with our services.