How Your Financial Data is Protected

Privacy is the foundation of GigBooks. Your financial data is protected at every step.

Client-side processing

When you upload a CSV file, it's parsed entirely in your browser using JavaScript. The raw transaction data — dates, descriptions, amounts — never leaves your device and never touches our servers.

What our server sees

The only data sent to our server is:

• Merchant names (anonymized, stripped of long digit sequences) and amounts for AI categorization
• Metadata — file type, bank detected, transaction count (no actual transactions)

What the AI sees

When Claude AI categorizes your transactions, it receives only:

• Merchant name (e.g., "STARBUCKS")
• Amount (e.g., -15.42)

It does NOT receive: dates, your name, account numbers, full descriptions, or any identifying information.

Database encryption

For paid users who sync data to the cloud:

• Transactions are encrypted with a per-user key before storage
• The encrypted blob can only be decrypted with your account credentials
• Even database administrators cannot read your transaction data

No raw file storage

GigBooks never stores your original CSV or PDF files. After parsing, the file is discarded. Only structured transaction data (in your browser) and anonymized categorization results are retained.

Receipt images

When you scan a receipt, the compressed image is uploaded to secure cloud storage (AWS Canada) for AI extraction. Free-tier images are deleted immediately after extraction. Paid-tier images are retained for up to 6 years so you can reference the original receipt alongside the transaction. Images are accessible only via time-limited signed URLs — they are never publicly viewable.

Account deletion

When you delete your account, all associated data is permanently destroyed within 30 days. You have a 30-day grace period to change your mind.