How we handle your files
The exact lifecycle of a statement, in six steps. This page is the promise the product is built on — the code has to match it.
1. Upload over TLS
Your statement travels encrypted from your browser to our server. Nothing is queued or stored on the way in.
2. Held as an in-memory buffer
The file lives only in the server's RAM while your audit runs. It is never written to a disk, a temp folder, or a database.
3. Sent to the AI provider for analysis
The statement is passed to the AI model that extracts recurring charges. Files are processed by Anthropic (or OpenAI, depending on configuration) under their API data policies — API inputs are not used to train models. See anthropic.com/legal/commercial-terms and openai.com/enterprise-privacy.
4. Buffer discarded when the response returns
As soon as the analysis comes back, the in-memory buffer goes out of scope and is gone. There is no copy to delete because none was made.
5. Report stored with last-4-only scrubbing
We keep only the report: merchant names, amounts, and dates. Before saving, a scrubber masks any 12–19 digit number to •••• + last 4 — belt and suspenders on top of the model's own instructions.
6. You can hard-delete anytime
Deleting a report deletes the row. Deleting your account deletes you, your reports, and your payment records on our side. No soft deletes, no 30-day limbo.
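A sketch of the step 5 scrubber, added here as an example and not WatchWallet's own code. The function names, the report field names, and the handling of digits grouped by single spaces or hyphens (which goes beyond the contiguous case in the text) are assumptions.

```python
import re

MASK = "\u2022" * 4  # the "••••" prefix described in step 5

# A 12-19 digit number: contiguous, or grouped with single spaces/hyphens
# (grouping support is an assumption added for this example).
# The lookarounds keep a match from starting or ending inside a longer digit run.
PAN_LIKE = re.compile(r"(?<!\d)\d(?:[ -]?\d){11,18}(?!\d)")


def scrub_text(text: str) -> str:
    """Replace every 12-19 digit number in text with MASK + its last 4 digits."""
    def _mask(match: re.Match) -> str:
        digits = re.sub(r"\D", "", match.group(0))  # drop separators
        return MASK + digits[-4:]
    return PAN_LIKE.sub(_mask, text)


def scrub_report(value):
    """Recursively scrub every string in a report, returning a new structure."""
    if isinstance(value, str):
        return scrub_text(value)
    if isinstance(value, dict):
        return {key: scrub_report(item) for key, item in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub_report(item) for item in value]
    return value  # numbers, booleans and None pass through unchanged


# Constructed sample report; the field names are hypothetical.
SAMPLE_REPORT = {
    "charges": [
        {"merchant": "NETFLIX.COM 4111 1111 1111 1111", "amount": "15.49", "date": "2024-03-01"},
        {"merchant": "GYM*MEMBERSHIP ACCT 000123456789", "amount": "29.00", "date": "2024-03-04"},
        {"merchant": "SPOTIFY P1A2B3", "amount": "9.99", "date": "2024-03-09"},
    ]
}

if __name__ == "__main__":
    for charge in scrub_report(SAMPLE_REPORT)["charges"]:
        print(charge)
```

Because grouping is tolerated, a string that joins two dates with single separators also reaches 16 digits and is masked, so this sketch errs toward masking. Runs longer than 19 contiguous digits fall outside the stated range and are left as they are.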
One honest limitation: WatchWallet is an early-stage product run by a small team — we keep the attack surface small by storing as little as possible.