This page explains exactly what happens to your data — not in policy language, but in plain terms. What is stored. What is discarded. What you can do. What we will never do.
"We never sell. Not your data.
Not our values. Not the company you trust."
Vithropic founding commitment
All data stored in Vithropic (your transactions, balances, health metrics, briefing history, and account details) is encrypted at rest with AES-256. All data in transit uses TLS 1.3. No data moves in plaintext. Encryption applies to everything we retain, and what we don't retain never reaches storage in the first place.
API credentials, database connection strings, and service keys are never placed in code or configuration files. Every secret lives in a dedicated, access-controlled vault with full audit logging: each access is recorded, timestamped, and reviewed. Our application services authenticate to the vault and to each other with short-lived managed identity tokens, so no long-lived credential is embedded in code, configuration, or deployment artifacts where it could be stolen, and a token that does leak expires on its own.
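The rule above is only as good as the check that enforces it. The following is an added example of a repository check, not Vithropic's tooling: it flags credential material committed in code or configuration while accepting settings that merely reference the vault. The patterns, the `scan_lines` and `check_repository` functions and the sample lines are assumptions for illustration; the accepted form is the Azure App Service/Functions Key Vault reference syntax, which stores a pointer to the secret rather than the secret itself.

```python
"""Added example: CI check that rejects literal secrets in config/source and
accepts Key Vault references.  Not Vithropic's tooling; patterns and sample
lines are constructed for illustration."""
import re

# Literal credential shapes that should never be committed.  Checked in order;
# the first match on a line is reported.
SECRET_PATTERNS = [
    ("azure_storage_key", re.compile(r"AccountKey=[A-Za-z0-9+/=]{20,}")),
    ("connection_string_password", re.compile(r"(?i)\b(password|pwd)=[^;\s\"']+")),
    ("sas_token", re.compile(r"\bsig=[A-Za-z0-9%+/=]{20,}")),
    ("generic_api_key", re.compile(r"(?i)(api[_-]?key|secret|token)\b\s*[:=]\s*[\"'][^\"']{16,}[\"']")),
]

# A Key Vault reference binds a setting to the vault without exposing the value,
# so a line carrying one is the accepted form and is not reported.
VAULT_REFERENCE = re.compile(
    r"@Microsoft\.KeyVault\((SecretUri=https://[^)\s]+|VaultName=[^;)]+;SecretName=[^)]+)\)"
)


def scan_lines(lines) -> list:
    """Return one finding per offending line: {"line": n, "kind": pattern_name}."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        if VAULT_REFERENCE.search(line):
            continue  # points at the vault; no secret material on this line
        for kind, pattern in SECRET_PATTERNS:
            if pattern.search(line):
                findings.append({"line": lineno, "kind": kind})
                break
    return findings


# Constructed sample settings (fake values, not real credentials).
SAMPLE_CONFIG = [
    'STORAGE="DefaultEndpointsProtocol=https;AccountName=docs;AccountKey=QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5YWJjZGVmZ2g=;EndpointSuffix=core.windows.net"',
    'SQL_CONN="Server=tcp:db.example.net,1433;Database=ledger;User ID=app;Password=Hunter2Hunter2!;"',
    'DOCS_SAS="?sv=2022-11-02&ss=b&sig=abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG%3D"',
    'EXTRACTION_API_KEY = "placeholder-0123456789abcdefghijklmnop"',
    'DB_PASSWORD=@Microsoft.KeyVault(SecretUri=https://example-kv.vault.azure.net/secrets/db-password/)',
    'LOG_LEVEL=info',
]


def check_repository(lines=SAMPLE_CONFIG) -> bool:
    """CI gate: True when no secret material is present in the given lines."""
    return not scan_lines(lines)


if __name__ == "__main__":
    for f in scan_lines(SAMPLE_CONFIG):
        print(f"line {f['line']}: {f['kind']}")
```

Run against the sample, the first four lines are reported (storage account key, SQL password, SAS signature, API key) and the Key Vault reference passes. Pattern lists like this catch known credential shapes only; in a real pipeline they are normally paired with entropy-based detection and run on every commit, so that the "never in code or configuration" claim is something the build proves rather than something the team remembers.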
Every service in Vithropic's infrastructure has access only to what it needs to do its specific job, nothing more. The service that processes your uploaded documents cannot access your health data. The service that generates your briefing cannot modify your account. Access boundaries are enforced at the infrastructure level, not just in application code, so compromising a single service does not hand an attacker the rest of the system.
Automated vulnerability scans run quarterly against all Vithropic systems. Full external penetration tests by independent third-party security firms are scheduled twice per year, using the same techniques real attackers use (the roadmap below shows where that schedule currently stands). Findings are classified by severity and remediated on fixed timelines: critical issues within 24 hours, high severity within 7 days. Results are published in our annual transparency report. Security is not a launch checklist. It is an ongoing practice.
Most tools are vague about what they do with your data. This is exactly what happens, step by step, from the moment you upload a statement to the moment it's gone.
Your document is uploaded over an encrypted TLS 1.3 connection. It is never transmitted unencrypted. The upload goes directly to our processing service — it does not touch permanent storage at any point during transit.
The document is processed entirely in memory. Claude reads the text and extracts transactions and balances. No intermediate file is written to disk. No copy is created. The original document exists only in RAM during this step.
The moment processing is complete, the document is gone. Not archived. Not backed up. Not logged. The memory is released. What remains is only the intelligence the document generated — transactions and balances.
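The three steps above describe an architecture; the following added example shows what a handler built to honour it looks like. It is not Vithropic's code: the line-oriented statement format, the `extract_statement` and `process_upload` functions, the audit fields and the sample statement are assumptions for illustration. The point it adds is the caveat a practitioner will raise: in a garbage-collected runtime, "the memory is released" is a best-effort hygiene step, and the guarantee that matters is that nothing is ever written to disk or to a log.

```python
"""Added example: parse an uploaded statement entirely in memory, return only
the extracted transactions and balance, and overwrite the document buffer when
done.  Not Vithropic's code; the statement format and field names are assumed."""
import hashlib
import re
from dataclasses import asdict, dataclass

# Assumed statement layout, one record per line:
#   "2024-03-01  COFFEE SHOP   -4.50"   (date, description, signed amount)
#   "BALANCE  3295.50"                  (closing balance)
TXN_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+?)\s+(-?\d+\.\d{2})$")
BALANCE_RE = re.compile(r"^BALANCE\s+(-?\d+\.\d{2})$")


@dataclass(frozen=True)
class Transaction:
    date: str
    description: str
    amount: float


def extract_statement(upload: bytearray) -> dict:
    """Pull transactions and the closing balance out of the raw upload.

    Operates on the in-memory buffer only: no temp file, no logging of content.
    """
    transactions, balance = [], None
    for raw in bytes(upload).decode("utf-8").splitlines():
        line = raw.strip()
        m = TXN_RE.match(line)
        if m:
            transactions.append(Transaction(m.group(1), m.group(2), float(m.group(3))))
            continue
        m = BALANCE_RE.match(line)
        if m:
            balance = float(m.group(1))
    return {"transactions": [asdict(t) for t in transactions], "balance": balance}


def process_upload(upload: bytearray, audit_log: list) -> dict:
    """Extract, record a content-free audit entry, then discard the document.

    The audit entry carries a hash and sizes, never document text, so nothing
    about the statement survives in logs.  Zeroing the caller's buffer is
    best-effort: CPython makes decoded str copies during parsing that are not
    zeroed, so the real guarantee is architectural (no disk write, no log).
    """
    digest = hashlib.sha256(upload).hexdigest()
    size = len(upload)
    try:
        result = extract_statement(upload)
    finally:
        upload[:] = bytes(size)  # overwrite the buffer before releasing it
    audit_log.append({
        "upload_sha256": digest,
        "upload_bytes": size,
        "transactions": len(result["transactions"]),
        "balance_found": result["balance"] is not None,
    })
    return result


def sample_upload() -> bytearray:
    """Constructed sample statement (synthetic data, not a real account)."""
    text = (
        "Statement for account ending 4321\n"
        "2024-03-01  COFFEE SHOP        -4.50\n"
        "2024-03-02  PAYROLL DEPOSIT  2500.00\n"
        "2024-03-03  RENT            -1200.00\n"
        "BALANCE  3295.50\n"
    )
    return bytearray(text, "utf-8")


if __name__ == "__main__":
    log, buf = [], sample_upload()
    out = process_upload(buf, log)
    print(out, log, all(b == 0 for b in buf))
```

After the call, the only artefacts are the three transactions, the balance, and an audit record that contains a hash and counts; the buffer the caller handed in is all zeros and no line of the statement appears in the log.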
Vithropic uses an AI extraction layer to parse transactions and balances from uploaded documents. Here is exactly what that means for your data.
Our AI processing layer operates under enterprise-grade data handling terms — document content is not used for model training and is not retained after processing completes. The extraction call is stateless: nothing from your document persists beyond the transaction and balance data returned to Vithropic's storage layer.
These are not aspirational statements. They are specific things you can do at any time, from your account settings, without contacting us.
Request a complete export of all your stored data — transactions, health metrics, briefing history, and check-in responses — in standard machine-readable formats. One click. Delivered to your registered email address within 24 hours.
Request full account deletion. All your personal data is removed within 30 days, and confirmation is sent when deletion is complete. No questions, no friction, and nothing is held back once that window closes. The one exception, anonymized contributions already made to aggregate benchmarks, is explained below.
View a complete inventory of every data category Vithropic holds about you — what it is, how it's used, and when it was last updated. No hidden data categories. No surprises.
Stop uploading at any time. Previously uploaded data remains in your account until you choose to delete it. No future data is collected unless you upload again. You control the cadence entirely.
Any anonymized data already contributed to aggregate benchmarks — the statistical patterns used to show how similar profiles compare — cannot be individually extracted after the fact. It was anonymized before contribution and is no longer distinguishable as your data within the statistical population. All personally identifying information is deleted completely. This is disclosed because you deserve to know it.
Cohort benchmarks are only published when at least 50 similar profiles contribute to the statistical pool. Below that threshold no benchmark is shown, because with too few contributors an individual could plausibly be re-identified from the aggregate. We treat that boundary as a hard limit, not a guideline.
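The minimum-cohort rule above, as an added example that is not Vithropic's code. K = 50 comes from the page; the profile fields, the mean-based statistic and the synthetic profiles are assumptions for illustration. The example goes one step beyond the text: when a cohort and its parent pool are both published, subtracting one total from the other recovers the complement's total, so the complement must also meet the threshold (or be empty). That complementary check is a standard aggregation safeguard, added here by the editor, not a rule the page states.

```python
"""Added example: release a benchmark only when at least K profiles contribute,
and release a sub-cohort only when the rest of the pool is also at least K.
Not Vithropic's code; K is from the page, everything else is assumed."""
from statistics import mean
from typing import Callable, Optional

K = 50  # minimum number of contributing profiles, as stated on the page


def benchmark(values: list, k: int = K) -> Optional[dict]:
    """Aggregate a pool, or return None (suppressed) when fewer than k contribute."""
    if len(values) < k:
        return None
    return {"n": len(values), "mean": mean(values)}


def cohort_benchmark(profiles: list, selector: Callable[[dict], bool],
                     metric: str, k: int = K) -> Optional[dict]:
    """Benchmark the sub-cohort chosen by `selector` within `profiles`.

    Two suppression rules apply.  The cohort itself needs at least k members.
    Its complement (pool members the selector excludes) must be empty or at
    least k as well: with the pool's (n, mean) and the cohort's (n, mean) both
    published, n_pool*mean_pool - n_cohort*mean_cohort is the complement's
    total, so a small complement would be exposed by differencing even though
    the published cohort met the threshold.
    """
    cohort = [p[metric] for p in profiles if selector(p)]
    complement = len(profiles) - len(cohort)
    if len(cohort) < k or 0 < complement < k:
        return None
    return benchmark(cohort, k)


def sample_profiles() -> list:
    """Constructed synthetic profiles (not real users): 120 profiles, 70 aged
    30-39 and 50 aged 40-49; 45 in the north region and 75 in the south."""
    return [
        {
            "age_band": "30-39" if i < 70 else "40-49",
            "region": "north" if i % 8 < 3 else "south",
            "savings_rate": 0.05 + (i % 20) * 0.01,
        }
        for i in range(120)
    ]


if __name__ == "__main__":
    ps = sample_profiles()
    print(benchmark([p["savings_rate"] for p in ps]))                              # released, n=120
    print(cohort_benchmark(ps, lambda p: p["age_band"] == "40-49", "savings_rate"))  # released, exactly K
    print(cohort_benchmark(ps, lambda p: p["region"] == "north", "savings_rate"))    # None: 45 < K
    print(cohort_benchmark(ps, lambda p: p["region"] == "south", "savings_rate"))    # None: complement 45 < K
```

The south cohort is the instructive case: it has 75 contributors, comfortably above the threshold, yet it is suppressed because publishing it beside the whole-pool figure would reveal the 45 northern profiles. A threshold on the published cohort alone does not cover that case.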
These were decided before the first customer joined. They cannot be changed by any offer or acquisition pressure that arrives later.
Not a privacy policy clause. A founding commitment. Vithropic's revenue comes from subscriptions. Your data is not the product. This is the reason we built a subscription model instead of an advertising one.
Acquisition offers will come — not for the product, but for the longitudinal behavioral data underneath it. The answer is no. The data was entrusted to us by the people who generated it. It belongs to them.
Terms of service can be updated. Privacy policies can drift. These commitments are public, dated, and documented — not buried in legalese. Changing them would require publicly reversing a named commitment.
Security is not a destination. We publish this roadmap because transparency about what isn't done yet is part of doing it honestly.
AES-256 encryption at rest, TLS 1.3 in transit, Azure Key Vault secrets management, managed identity authentication, role-based access control, MFA on all admin accounts, document discard-after-processing architecture
JWT validation on all function endpoints, input validation hardening, rate limiting on all public surfaces, JIT VM access (no persistent RDP)
Full API security review, automated dependency vulnerability scanning in CI/CD pipeline, penetration test commissioned
First third-party penetration test completed. Findings reviewed, addressed, and published in initial transparency report
SOC 2 Type II audit process begins. Annual transparency report published. Semi-annual penetration testing schedule locked
Dedicated security role hired. Public bug bounty program launched. Continuous automated security monitoring in production
If you believe you've found a security vulnerability in Vithropic, please contact us before disclosing it publicly. We take every report seriously and respond within 24 hours — critical findings within the hour. Responsible disclosure will always be acknowledged and credited.