Security

Last Updated: March 2026

You trust us with your clients' financial data. Here's how we protect it.

How Your Data Is Processed

Documents you upload are sent to third-party AI services for OCR, extraction, transaction matching, and vendor normalization. Only one service receives your raw document files; the others receive only extracted or structured data (such as payee names and transaction fields). Structured results are stored in our database. Files sent to processing services are auto-deleted within 48 hours.

A list of our subprocessors is available on request — email support@helloconto.com.

We Do Not Train on Your Data

Your client data is never used to train AI models.

When we use AI to extract transactions from bank statements, your documents are processed and the results returned — they are not added to any training dataset. Under our AI providers' standard API terms, inputs sent via their APIs are not used for model training.

Abuse monitoring: Our AI providers retain minimal logs for abuse detection and policy enforcement (up to 55 days depending on provider). These logs are used only for safety purposes and are never used for model training.

Conto's pattern-learning features (vendor name normalization, category suggestions) learn only from your own historical data within your account. Your patterns are never shared with other users.

Encryption

  • In transit — All connections use TLS 1.2 or higher.
  • At rest — All stored data is encrypted using AES-256 at the infrastructure level.

Tenant Isolation

Your data is isolated from other customers at the database level using row-level security policies. Each firm's data — counterparties, transaction patterns, GL accounts — is scoped to that firm. No cross-tenant access is possible through the application.

Data Retention & Deletion

Our data retention policy aligns with IRS guidelines (7 years for financial records). You can request deletion of your data at any time by emailing support@helloconto.com. We process deletion requests within 45 days. Data subject to legal retention requirements is restricted — removed from active product features but retained until the retention period expires.

Full details in our Data Retention Policy.

Tax Practitioner Considerations (IRS Section 7216)

If you're a tax practitioner subject to IRS Section 7216, which restricts disclosure of tax return information to third parties:

Conto processes source documents (bank statements, receipts, invoices) to extract and categorize transactions. Our upload flow accepts any PDF or image — it is your responsibility to ensure you have appropriate consent before uploading documents that contain taxpayer information.

How we handle your data:

  • No disclosure to third parties — Your data is not shared with other users, sold, or used for marketing. Subprocessors receive data only to perform document extraction, transaction matching, and vendor normalization. All AI subprocessors are US-based.
  • No AI training — AI providers do not use API inputs for model training under their standard terms.
  • You control deletion — Request deletion at any time and we process it within 45 days.

We recommend consulting your firm's compliance advisor to confirm that using Conto fits within your 7216 disclosure consent framework. We're happy to provide additional documentation — email support@helloconto.com.

Questions?

Email support@helloconto.com. We respond within 2 business days.