AI Security
The P&L Agent uses Anthropic's API — not the consumer Claude.ai product. That distinction matters for how your financial data is handled, retained, and protected.
Powered by Anthropic's SOC 2 Type II Certified API · Data never used to train AI models · 30-day retention max
Security Principles
The P&L Agent uses Anthropic's API, which is independently SOC 2 Type II certified — covering Security, Availability, and Confidentiality. Your financial data is processed through the same infrastructure Anthropic's enterprise customers use, not a consumer AI product.
Anthropic's API explicitly excludes customer data from model training by default. This is the opposite of consumer AI tools. The P&L figures, revenue data, and expense breakdowns you provide cannot be used to retrain or improve any AI model.
Anthropic retains API prompts and responses for up to 30 days for trust and safety monitoring, then permanently deletes them. No financial data persists beyond that window. Enterprise customers can eliminate storage entirely with Zero Data Retention.
Your P&L data is not written to any database on our servers. It lives only in the request/response cycle — sent to the AI agent, analyzed, and discarded. The report we generate is stored temporarily for download and then your data is gone.
All data sent to the Anthropic API is encrypted in transit via TLS 1.2+ and at rest via AES-256. Every interaction between your browser and the P&L Agent uses HTTPS exclusively. Your financial figures are never transmitted in plain text.
We send only what the agent needs — monthly revenue and expense figures, your industry label, and optionally your company name. No metadata, no behavioral tracking, no extras. Company name is optional and can be omitted without affecting the quality of the analysis.
Data Transparency
Company name: Optional — can be omitted or replaced with any label
Industry label: e.g. "HVAC / Home Services" — used for benchmark comparison only
Monthly revenue figures: Numeric totals only, extracted from your CSV
Monthly expense figures: Numeric totals only, extracted from your CSV
Budget figures: Numeric only, and only if present in your file
Data Lifecycle
Your P&L data is processed in memory by the AI agent and the result is returned to your browser. Nothing is written to disk on our end during this step.
Anthropic retains API prompts and responses for up to 30 days for trust and safety monitoring. This is Anthropic's standard API policy — separate from the consumer Claude.ai product.
After that 30-day window, Anthropic permanently deletes all retained API data. No financial data persists beyond this window under any circumstance.
Enterprise customers can arrange Zero Data Retention (ZDR) with Anthropic. Prompts and responses are processed entirely in memory — nothing is written to disk at any point in the pipeline.
Enterprise & Compliance
For businesses in regulated industries or with formal security review requirements, we can configure the P&L Agent for Zero Data Retention, strip all optional identifiers so only numeric figures are transmitted, or provide Anthropic's SOC 2 report for your vendor review process.
Note: The P&L Agent is not currently HIPAA compliant — Anthropic does not offer a Business Associate Agreement (BAA) at this time. It is also not suitable for EU data residency requirements without confirming region availability directly with Anthropic.