Enterprise-Grade Security
Your data encrypted with AES-256 and stored in Canada
Start Secure Processing →✨ 5 free extractions • No credit card required
📌 At a Glance
- Encryption: AES-256 at rest, TLS 1.2+ in transit
- Data Location: Stored in Montreal, Canada data center
- Compliance: SOC 2 Type 2 (OpenAI), ISO 27001 (Firebase)
- Your Control: Access, export, or delete your data anytime
Our Security Foundation
PDF Invoice Reader leverages enterprise-grade security from industry leaders. Your data is processed through OpenAI's SOC 2 Type 2 certified infrastructure and stored in Google Cloud's Montreal data center using ISO 27001 certified Firebase platform, keeping your Canadian business data within Canadian borders.
Data Encryption
🔒 In Transit
Your data is protected during transmission:
TLS 1.2+ encryption to OpenAI APIs
HTTPS/TLS encryption to Firebase
SSL certificates on all pages
Encrypted API communications
🛡️ At Rest
Your data is encrypted and protected:
AES-256 encryption at OpenAI
AES-256 encryption in Firestore
Automatic key rotation
Google Cloud hardened infrastructure
Platform Security Infrastructure
☁️ Google Cloud Infrastructure
ISO 27001, SOC 1/2/3 certified
Automatic security patching
Network-level DDoS protection
Physical data center security
Regular third-party audits
🔥 Firebase Security Features
Firebase Security Rules for data access
App Check for API protection
Built-in monitoring and alerting
Automatic SSL certificates
Data isolation between projects
Application Security
🔐 Authentication & Access
Sign in with Google option
Email/password authentication
Email verification required
Password reset via email
Secure session management
🌐 Application Security
HTTPS on all pages
Secure API connections
Client-side input validation
No local data storage
Stateless architecture
Data Processing & Retention
⚡ How We Process Your Data
PDF extraction via OpenAI Vision API
Database queries through Firestore
No AI training on your data
SOC 2 Type 2 compliant processing
📅 Data Retention & Control
Your data stays in your account while subscribed
OpenAI: 30-day temporary retention only
Access your data anytime
Export as CSV whenever needed
Delete your data or account anytime
🇨🇦 Canadian Data Residency
Data stored in Montreal (northamerica-northeast1)
Remains within Canadian borders
Low latency for Canadian users
Complies with data sovereignty preferences
Privacy Principles
🇨🇦 What We DON'T Do
We never sell your data
We never share your information
We don't process personal information
We don't link data to individuals
We don't use your data for marketing
🔒 Data Anonymity
Invoice data not linked to identity
No personal information collected
Account email is only identifier
Business documents only
Financial data stays anonymous
Platform Certifications
While PDF Invoice Reader focuses on processing business documents without personal information, our technology partners maintain the highest security certifications:
✅ Infrastructure Certifications
Firebase: ISO 27001, SOC 1/2/3
OpenAI: SOC 2 Type 2
Stripe: PCI DSS Level 1
Google Cloud: ISO 27017/27018
Account & Data Control
👤 Account Access
Sign in with Google available
Email and password authentication
Password reset via email
Secure logout functionality
Session management
🎛️ Your Data Control
Export invoices as CSV anytime
Access your data 24/7
Delete your account on request
Data remains yours
No lock-in period
Security Recommendations
💡 Protect Your Account:
Use Google Sign-in when available
Choose a strong, unique password
Don't share your login credentials
Log out on shared devices
Export your data regularly for backup
Keep your browser updated
Third-Party Services
💳 Payment Security
All payments processed by Stripe:
PCI DSS Level 1 certified
We never see your card details
Tokenized secure payments
Industry-leading fraud detection
🔗 Future Integrations
When we add integration partners, we'll ensure:
OAuth 2.0 authentication
Encrypted API communications
Security review before integration
Limited scope permissions
Security Infrastructure Management
Your data security is managed through our certified technology partners who provide enterprise-grade protection:
🔒 Managed Security Services
Firebase/Firestore: 24/7 infrastructure monitoring
OpenAI: SOC 2 certified incident response
Stripe: Continuous fraud monitoring
Automatic security updates across all platforms
Enterprise-grade threat detection
✅ Platform Security Teams
Google Cloud's security operations center
OpenAI's dedicated security team
Stripe's fraud prevention specialists
Combined decades of security expertise
Industry-leading response capabilities
Report Security Concerns
🔒 Security Questions or Concerns?
If you have any security concerns or discover a potential issue, please contact us:
We appreciate responsible disclosure and will respond as soon as possible.
Questions About Security?
Contact us with any questions about how we protect your data:
Frequently Asked Security Questions
Q: Where is my data stored?
A: Your invoice data is stored in Google Cloud's Montreal data center (northamerica-northeast1), keeping your Canadian business data within Canadian borders. OpenAI temporarily retains processing data for 30 days, while your saved invoices remain in your Firebase account as long as you maintain your subscription.
Q: How is my data encrypted?
A: All data is protected with AES-256 encryption at rest and TLS 1.2+ encryption in transit. This includes data stored in Firebase, processed by OpenAI, and any payment information handled by Stripe. Encryption happens automatically without any action required from you.
Q: Do you sell or share my data?
A: No, we never sell your data, share your information, or use it for marketing. We don't process personal information, and invoice data isn't linked to individual identities. Your data is used solely to provide you with invoice extraction services.
Q: Who handles security monitoring and incidents?
A: Security is managed by our certified technology partners. Firebase/Google Cloud provides 24/7 infrastructure monitoring, OpenAI maintains SOC 2 certified incident response, and Stripe handles continuous fraud monitoring. These industry leaders have dedicated security teams and enterprise-grade protection.
Q: Can I delete my data?
A: Yes, you have full control over your data. You can export your invoices as CSV anytime for backup, and request account deletion whenever you choose. OpenAI automatically deletes processing data after 30 days, and you can contact us at chatbotgenius1@gmail.com to request complete data removal.
Start Processing Invoices Securely
Trusted by Canadian businesses focused on accurate tax extraction
Get Started Free →No credit card required • 5 free extractions