BanklyzeBanklyze

Security

Security at Banklyze

How we protect your most sensitive financial data.

At Banklyze, security isn't an afterthought — it's foundational. You trust us with your most sensitive financial documents, and we take that responsibility seriously. Every layer of the platform is designed to keep your data safe, private, and under your control.

Built-In Protection

Core Security Measures

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Every API request is secured end-to-end.

Encryption at Rest

Uploaded bank statements, extracted financial data, and generated reports are encrypted at rest using AES-256 encryption.

Access Controls

Role-based access controls (RBAC), API key authentication, rate limiting, and session management protect every entry point.

Infrastructure

Our application runs on SOC 2-compliant cloud infrastructure with regular security audits, automated patching, and network isolation.

Password Security

User passwords are salted and hashed using industry-standard algorithms. We never store or transmit plaintext passwords.

AI Data Handling

Statement data sent to AI providers is processed ephemerally. It is never stored by the provider and is never used to train AI models.

Your Data, Your Rules

Data Handling Practices

Your data is never sold

We do not sell, rent, or trade your personal information or financial data to third parties. Period.

Used only to provide the service

Financial documents are processed solely to deliver statement analysis, underwriting metrics, and reports to you.

Audit logging tracks all access

Every data access event is logged with timestamps, user identity, and action type for complete accountability.

Delete your data at any time

You can delete individual deals, uploaded documents, and your entire account at any time. Deletions are permanent.

Compliance & Certifications

We are actively pursuing industry-recognized security certifications to formalize our security posture.

  • SOC 2 Type II — Compliance journey in progress with targeted completion in 2026
  • CCPA — Compliant with the California Consumer Privacy Act; users may exercise their data rights at any time
  • Encryption Standards — TLS 1.2+ in transit, AES-256 at rest, aligned with NIST guidelines

Responsible Disclosure

We value the work of security researchers and the broader security community. If you believe you have found a security vulnerability in Banklyze, we encourage you to report it responsibly.

Please send details of the vulnerability to security@banklyze.com. Include a description of the issue, steps to reproduce, and any relevant screenshots or proof-of-concept. We ask that you give us reasonable time to investigate and address the issue before any public disclosure.

Questions about our security?

If you have questions about how we protect your data, need security documentation for your compliance requirements, or want to discuss our security practices, our team is here to help.

Thornebridge Holdings LLC

security@banklyze.com
banklyze.com

We aim to respond to all security inquiries within 48 hours.