Data Encryption & Storage
For paid users who sync data to the cloud, GigBooks uses encryption to protect your stored transactions.
How encryption works
- Each user has a unique encryption key derived from their account
- Transaction data is encrypted before being written to the database
- The encrypted blob is stored as a single field — it cannot be queried or searched server-side
- Only your authenticated session can decrypt and read the data
What's encrypted
- All transaction details (descriptions, amounts, dates, categories)
- Upload metadata stored in the encrypted blob
- Merchant mappings (for cloud sync)
What's NOT encrypted (metadata only)
- Your email address (needed for login)
- Subscription status (needed for feature gating)
- Upload counts and fiscal year labels (needed for the dashboard)
- Anonymized filenames (e.g., "upload_a3f8c2d1.pdf")
Infrastructure
- Database hosted on Supabase (PostgreSQL) in AWS Canada (ca-central-1)
- All database connections use TLS encryption in transit
- Database is encrypted at rest by Supabase
- Connection pooling via Supavisor with connection string encryption
Free tier
Free users' data is stored only in their browser (localStorage). No server-side storage occurs.
Related articles
How Your Financial Data is Protected
GigBooks processes bank statements in your browser. Learn how client-side parsing, encryption, and minimal data collection protect your privacy.
What Information the AI Receives
Exactly what data GigBooks sends to Claude AI for categorization — only anonymized merchant names and amounts, nothing else.
PDF Statement Privacy & PII Redaction
How GigBooks redacts personal information from PDF statements before AI processing — names, account numbers, and addresses are removed.