Security & Privacy

QBO Maker is built so your bank statement never leaves your computer. The converter runs entirely in your browser — and you don't have to take our word for it, you can verify it yourself in under a minute.

How your data is handled

• Conversion happens in your browser. When you drop a file in, your browser reads it locally and builds the .QBO/.QFX/.OFX/CSV on the spot. No transaction data is sent to us or anyone else.
• Nothing is stored on a server. There's no server-side copy of your statement because it never reaches a server in the first place.
• No signup, no tracking of your transactions. The free converter needs no account. Your saved templates, client list and settings (Pro dashboard) live only in your browser's local storage, on your device.

Verify it yourself (60 seconds)

1. Open the converter.
2. Open your browser's developer tools (F12 or right-click → Inspect) and click the Network tab.
3. Convert a file. Watch the request list — no request carries your statement. The conversion is pure on-device JavaScript.

The tool also shows a live privacy meter on the page: "0 bytes of your statement uploaded · N network requests since this page loaded." That counter is real instrumentation, not marketing.

Platform security

• HTTPS everywhere, served on Cloudflare's network.
• Content-Security-Policy restricting what can run and where the page may connect, plus X-Frame-Options (anti-clickjacking), X-Content-Type-Options: nosniff and a strict referrer policy.
• Subresource Integrity (SRI) on third-party libraries, so a tampered file from a CDN would be rejected by your browser.
• Input safeguards: uploads are size-capped and parsing is bounded (row, sheet and page limits) so a malformed or "zip-bomb" file can't hang your browser.

The optional Convert API

The browser converter never makes a network call with your data. Separately, Pro users can use the opt-in Convert API from their own scripts — it only receives the transaction data you explicitly send it, authenticated with your Pro key over HTTPS. License keys are cryptographically signed (HMAC-SHA256) and verified server-side.

Billing & support

Payments are handled by Stripe; we never see or store your card details. Pro comes with a 7-day money-back guarantee and you can cancel anytime in one click from the Stripe customer portal. Questions about security or anything else? Email [email protected].

Related