Security Overview

PrivacyBooks uses a local-first architecture. Document processing — including PDF parsing and transaction extraction — runs entirely in your browser using client-side JavaScript. Your financial documents are never uploaded to our servers.

The server only delivers the application code itself. Once loaded, the app operates independently without further server communication for document processing.

Your sensitive financial data is handled with care at every step:

• Documents are parsed in-browser — no server round-trips.
• Extracted transactions remain in browser memory only.
• Exported files (CSV, JSON, and Excel) are generated locally and downloaded directly.
• No financial data is logged, cached, or stored server-side.

Your statements are never used to train our AI models. Your documents exist only in your browser session and are discarded when you close the tab or navigate away. We do not retain copies of your financial data for any purpose.

You control how long data is retained. Since all processing is local, closing the browser tab removes all document data. You can also clear your browser storage at any time to remove any cached preferences.

All document processing already runs locally in your browser. Where supported, the application can operate entirely offline after the initial page load, with no network requests made during document processing.

While your financial documents are processed entirely in your browser, the application relies on a small number of third-party services for hosting, authentication, and payments. None of these services receive your financial document data.

For full details on each provider and what data they receive, see our privacy policy.

All connections to PrivacyBooks are encrypted via HTTPS/TLS. The application is served over secure connections with modern TLS configurations.

If you discover a security vulnerability, please report it responsibly via our contact page. We take all security reports seriously and will respond promptly.