Exact Statement

Security

How Exact Statement stores, processes, deletes, and exposes statement data.
Mar 15, 2026

This page describes the current security and data-handling model implemented in the product today.

Current Data Flow

  1. Browser validation: the client validates selected PDFs before upload.
  2. Direct upload to storage: files are split into chunks and uploaded with presigned requests to secure object storage.
  3. Automated extraction: background workers send the uploaded data to an automated extraction provider and receive normalized statement rows plus warning summaries.
  4. Preview and export: the dashboard shows per-file status, warning summaries, previews, and export options for QBO, Xero, and XLSX.
  5. Delete or expire: users can delete uploads manually, and finished jobs are scheduled for cleanup after about 24 hours.

Storage And Processors

Object storage

Uploaded statement files are stored in secure object storage through presigned upload requests rather than a shared public upload endpoint.

Automated extraction

Statement files are processed automatically by a third-party extraction provider and then returned to the dashboard as structured rows, warning summaries, and export options.

Current provider categories

The current production deployment uses providers in these categories: secure storage, automated extraction, authentication, email delivery, and payment processing.

  • Secure object storage
  • Automated extraction providers
  • Authentication providers
  • Email delivery providers
  • Payment processing providers

Retention Model

  • You can delete an upload manually from the dashboard.
  • Finished statement jobs are scheduled for cleanup after about 24 hours.
  • Cleanup deletes uploaded files and extracted statement records.
  • Only minimal job-level metadata may remain archived for audit and billing.

Review And Human Access

Exact Statement does not run routine manual review of uploaded statements. Limited authorized access may occur only when required for support, security, billing, or legal obligations.

If you contact support, send the upload ID or reference code first. That usually lets us investigate without asking you to resend the original document immediately.

Security Controls

We use transport encryption for file upload and application traffic. We also sanitize user-facing error messages so support can work from reference codes without exposing provider internals in the UI.

No internet service can honestly promise zero risk. If you need the shortest possible retention window for a specific file, delete it from the dashboard as soon as you finish exporting.

What To Verify Before Import

  • Statement period and account selection
  • Amount signs
  • Warning rows about balance discrepancies
  • QBO or Xero import preview inside the destination app

For validation guidance, see Benchmarks & Validation.

Security