Statement Zen

Security you can trust

Your financial data deserves serious protection. Statement Zen is built with security at every layer — and a deliberate bias toward keeping as little of your data as possible.

WAF Protected (Cloudflare)
PCI DSS (via Stripe)
APP (Compliant)
GDPR (Aligned)

Post-Quantum TLS

Connections are protected with Cloudflare's hybrid post-quantum key exchange (ML-KEM) where the client supports it, with TLS 1.3 enforced and SSL set to strict — guarding your data against both current and future threats.

AES-256 Encryption at Rest

Stored data is encrypted at rest with AES-256 on managed AWS and Cloudflare services. Raw uploads are processed transiently and are not kept beyond what's needed to return your result.

Cloudflare Edge + WAF

All traffic is routed through Cloudflare's global edge with a Web Application Firewall running the Cloudflare Managed, OWASP Core, and Exposed-Credentials rulesets, plus DDoS protection and rate limiting.

PCI DSS — handled by Stripe

All payments are processed by Stripe, a PCI DSS Level 1 payment provider. Statement Zen never stores, processes, or transmits card data.

Role-Based Access + MFA

Authentication and identity run on Kinde. Role-based access keeps team members scoped to what they need, and multi-factor authentication is available across accounts.

Data Minimisation by Design

We keep as little as possible. Uploaded statements are processed and purged, reconciliation results are not retained, and we hold usage counts rather than your financial documents.

Privacy: APP + GDPR

Compliant with the Australian Privacy Principles (APP) and built to align with the EU GDPR. We honour data-subject access and deletion requests and disclose our sub-processors.

Responsible Disclosure

Security reports are reviewed quickly — we aim to acknowledge within two business days and will not pursue good-faith researchers who report responsibly.

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure. Please report issues to security@statementzen.com. We aim to acknowledge reports within two business days and will not take legal action against good-faith security researchers.

Serious security, self-serve simplicity

Start free — 25 verified statements a month, no card required.