Security Policy

Last updated: 23 March 2026

1. No Bank Access

CheckSpent does not connect to your bank and cannot access, modify, or initiate transactions on your bank accounts. We have no ability to view your balances, move funds, or perform any banking operations on your behalf. The only data we analyse is the file you voluntarily upload.

2. File Processing

Uploaded files (PDF, CSV, or screenshot) are processed in memory only and are never written to disk or stored after analysis. Once your subscription report has been generated, the original file is discarded and cannot be recovered.

3. Personal Banking Identifiers

We do not extract, store, or retain your name, account number, BSB, sort code, or any other personal banking identifier from uploaded files. Our analysis engine is designed to read only transaction descriptions, dates, and amounts — the minimum information needed to identify recurring subscriptions.

4. Report Expiry

Subscription reports expire automatically after 24 hours. After expiry, all report data is permanently deleted and cannot be retrieved.

5. Encryption

All data in transit between your browser and our servers is encrypted using TLS/SSL. This ensures that uploaded files, analysis results, and all other communications are protected from interception.

6. Database Security

Our analytics database uses row-level security and is accessible only via server-side credentials. No client-side code or browser-based request can access the database directly.

7. Access Control

Access to production systems is restricted to authorised personnel only. We follow the principle of least privilege, granting team members only the access they need to perform their role.

8. AI Processing

AI processing of bank statements is performed transiently by third-party AI providers under data processing agreements that prohibit the use of your data for model training. Transaction data is sent to the AI provider only for the duration of the analysis and is not retained by the provider after processing is complete.

9. Payment Security

Payment processing is handled by Stripe, which is PCI-DSS compliant. CheckSpent does not store credit card numbers, payment credentials, or any other sensitive payment information. All payment data is processed and secured entirely by Stripe.

10. Security Reviews

We conduct periodic security reviews of our infrastructure and third-party providers to ensure ongoing compliance with our security standards and to identify and address potential vulnerabilities.

11. Reporting Security Concerns

If you become aware of any security concern or believe you have discovered a vulnerability, please contact us immediately at security@checkspent.com. We take all reports seriously and will respond promptly.