Security & Data Practices
What we do — and don't do — with your data.
We think you should know exactly what happens when you submit a payment check. This page explains what data is analyzed, what is stored, who processes it, and how long anything is retained. No legal language — plain English.
Last updated: June 2026
🚫
No submission data retained
Payment details you submit are not stored after analysis is complete.
💾
History stays on your device
Case data and vendor memory is stored locally in your browser, not on our servers.
🔒
Encrypted in transit
All data sent between your browser and our servers uses TLS encryption.
🤖
AI-assisted analysis
Submissions are processed by an AI provider (Anthropic) under a data processing agreement.
What data is analyzed.
When you submit a payment check, you provide some or all of the following depending on check type:
- Vendor checks — vendor name, email address, routing number, account number, and any notes you add about how the payment request arrived.
- Invoice checks — vendor name, email address, routing number, account number, invoice amount, invoice number, and remittance address. If you upload a PDF invoice, the document is parsed and these fields are extracted automatically.
- Email checks — the email text or header you paste in, including any sender information and links contained in the email.
- Link checks — the URL you submit for analysis.
This information is sent to our analysis engine for processing. It is not used for any purpose other than generating the fraud risk assessment you requested.
What is stored — and where.
Submission data is not retained. The payment details, vendor information, invoice contents, and emails you submit for analysis are processed and the results returned to you. We do not store your submission data on our servers after analysis is complete.
Your case history and vendor memory lives in your browser. When you save a check to your investigation queue or when PaySentinel records a vendor's routing number for future comparison, that data is stored in your browser's local storage — on your device, not on our servers. Clearing your browser data will remove it.
Pro and Team plans — when persistent history is enabled (coming soon), case history is stored on our servers to allow cross-session access. This will be clearly disclosed at the point of account creation, and users will be able to delete their stored history at any time.
🔒 Case data, vendor memory, and investigation history is stored locally in your browser — never uploaded to our servers. We do not store or retain your submission data after analysis is complete.
AI provider usage.
PaySentinel uses a large language model to assist with fraud pattern analysis. The submission data you provide is sent to this provider as part of the analysis request.
AI Provider
Anthropic (Claude)
We use Anthropic's Claude API for AI-assisted fraud analysis. Anthropic processes submitted data under their API terms of service and privacy policy. Anthropic does not use API inputs to train their models by default. Data submitted via the API is not retained by Anthropic beyond the processing of each request.
Anthropic Privacy Policy →
Retention policy.
- Submission data (payment details, vendor info, invoices, emails) — not retained after analysis is complete.
- Browser-stored data (case history, vendor memory) — retained on your device until you clear it. No server-side copy.
- Server logs — standard web server access logs (IP address, timestamp, request path) are retained for up to 30 days for security and debugging purposes, then deleted.
- Analytics — we use PostHog for product analytics. This captures anonymized usage events (e.g. "check submitted", "pricing section viewed") and does not include the contents of your submissions.
Encryption practices.
- In transit — all data between your browser and our servers is encrypted using TLS 1.2 or higher. This applies to both the PaySentinel web interface and API calls to our analysis engine.
- At rest — server logs and any server-side data are stored on encrypted infrastructure.
- Browser storage — data stored locally in your browser (case history, vendor memory) is not additionally encrypted beyond what your browser and device provide natively.
What we don't do.
- We do not sell your data to third parties.
- We do not use your submission data to train AI models.
- We do not share your submissions with other PaySentinel users.
- We do not connect to your bank accounts, accounting software, or payment systems.
- We do not send unsolicited marketing emails — if you contact us, we reply. That's it.