Security

Last Updated: March 2026


You trust us with your clients' financial data. Here's how we protect it.

How Your Data Is Processed

Documents you upload are sent to third-party AI services for OCR, extraction, transaction matching, and vendor normalization. Only one service receives your raw document files; the others receive only extracted or structured data (such as payee names and transaction fields). Structured results are stored in our database. Files sent to processing services are auto-deleted within 48 hours.

A list of our subprocessors is available on request — email support@helloconto.com.

We Do Not Train on Your Data

Your client data is never used to train AI models.

When we use AI to extract transactions from bank statements, your documents are processed and the results returned — they are not added to any training dataset. Under our AI providers' standard API terms, inputs sent via their APIs are not used for model training.

Abuse monitoring: Our AI providers retain minimal logs for abuse detection and policy enforcement (up to 55 days depending on provider). These logs are used only for safety purposes and are never used for model training.

Conto's pattern-learning features (vendor name normalization, category suggestions) learn only from your own historical data within your account. Your patterns are never shared with other users.

Encryption

  • In transit — All connections use TLS 1.2 or higher.
  • At rest — All stored data is encrypted using AES-256 at the infrastructure level.

Tenant Isolation

Your data is isolated from other customers at the database level using row-level security policies. Each firm's data — counterparties, transaction patterns, GL accounts — is scoped to that firm. No cross-tenant access is possible through the application.

The FTC Safeguards Rule and Your In-House Server

Tax and accounting firms are "financial institutions" under the FTC Safeguards Rule (part of the Gramm-Leach-Bliley Act). Since 2023 it has required covered firms to encrypt customer information at rest and in transit, restrict who can access it, and protect client financial data against loss and breach; a 2024 amendment added breach-notification duties.

When that data lives on a server in your office, those obligations — encryption, offsite backup, access control, ransomware recovery — are entirely yours to build and maintain. For the documents you put in Conto, that work is already done:

  • Encrypted and offsite by default — AES-256 at rest, TLS 1.2+ in transit, stored in the cloud rather than on hardware you have to secure and back up yourself.
  • Walled off per firm — row-level isolation scopes each firm's documents and patterns to that firm; no cross-tenant access through the application.
  • US-based processing, no model training — all AI subprocessors are US-based and never use your data to train models.

Conto is not a substitute for your firm's own written information security program — the Safeguards Rule still applies to your practice as a whole — but for the client financial documents you store and process here, the encryption, isolation, and offsite storage the Rule expects are handled for you. Email support@helloconto.com for documentation to support your compliance review.

Data Retention & Deletion

Our data retention policy aligns with IRS guidelines (7 years for financial records). You can request deletion of your data at any time by emailing support@helloconto.com. We process deletion requests within 45 days. Data subject to legal retention requirements is restricted — removed from active product features but retained until the retention period expires.

Full details in our Data Retention Policy.

Tax Practitioner Considerations (IRS Section 7216)

If you're a tax practitioner subject to IRS Section 7216, which restricts disclosure of tax return information to third parties:

Conto processes source documents (bank statements, receipts, invoices) to extract and categorize transactions. Our upload flow accepts any PDF or image — it is your responsibility to ensure you have appropriate consent before uploading documents that contain taxpayer information.

How we handle your data:

  • No disclosure to third parties — Your data is not shared with other users, sold, or used for marketing. Subprocessors receive data only to perform document extraction, transaction matching, and vendor normalization. All AI subprocessors are US-based.
  • No AI training — AI providers do not use API inputs for model training under their standard terms.
  • You control deletion — Request deletion at any time and we process it within 45 days.

We recommend consulting your firm's compliance advisor to confirm that using Conto fits within your 7216 disclosure consent framework. We're happy to provide additional documentation — email support@helloconto.com.

Questions?

Email support@helloconto.com. We respond within 2 business days.