Trust

Security & Privacy

Sapoto is built on a local-first architecture. All automation happens entirely on your computer — we never see your credentials, documents, or financial data. This page gives you an overview of our security model.

Local-First Architecture

Everything that touches your sensitive data runs on your device:

1. The login process for your portals
2. The navigation that finds your documents
3. The download process that saves files
4. The credential store that holds your logins

There is no cloud component that processes, stores, or has access to your financial data.

Credential Storage

Your login credentials are encrypted using your operating system's secure storage:

macOS

Stored in macOS Keychain, encrypted with your system's hardware-backed security.

Windows

Stored in Windows Credential Store, protected by your Windows account credentials.

Credentials are injected at execution time and immediately scrubbed from tool outputs. They never appear in AI prompts or conversation history.

Document Handling

Downloaded documents flow directly from the provider portal to your local disk:

Provider → Your Device → Your Disk

Documents are never uploaded to our servers, routed through a proxy, or stored in any cloud service. The download path goes directly from the provider to your file system.

AI & Redaction

Sapoto needs to see page content to navigate provider websites. Before any page content is sent to the AI, it passes through a client-side redaction pipeline:

Redacted before AI sees it

  • Account numbers and routing numbers
  • Social Security Numbers (SSNs)
  • Dollar amounts and balances
  • Phone numbers and email addresses
  • Full names and addresses

Never sent to AI: raw credentials, downloaded documents, full account numbers, or financial amounts
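As an illustration of what a client-side redaction pass of this kind involves, here is an added example; it is not Sapoto's code, and its rule set, placeholder labels and function names are assumptions. It covers only the pattern-shaped items in the list above (names and addresses need more than regular expressions) and adds a fail-closed check that withholds the page if a long digit run survives redaction.

```python
import re

# Ordered rules: specific formats run before the broad digit-run rule so an
# SSN or phone number is labelled correctly instead of being half-consumed.
RULES = [
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("PHONE", re.compile(r"(?:\+?1[ .-])?\(?\d{3}\)?[ .-]?\d{3}[ .-]\d{4}\b")),
    ("AMOUNT", re.compile(r"\$\s?\d+(?:,\d{3})*(?:\.\d+)?")),
    ("ACCOUNT", re.compile(r"\b\d{6,17}\b")),  # also covers 9-digit routing numbers
]

# Anything matching this after redaction means a rule missed something.
RESIDUAL = re.compile(r"\d{5,}|\d{3}-\d{2}-\d{4}")

class RedactionLeak(Exception):
    """Redacted text still contains a sensitive-looking value."""

def redact(text):
    """Replace each match with a typed placeholder; return (text, counts)."""
    counts = {}
    for label, pattern in RULES:
        text, n = pattern.subn(f"[{label}]", text)
        if n:
            counts[label] = n
    return text, counts

def safe_for_model(text):
    """Redact, then fail closed: raise rather than return text that leaks."""
    redacted, counts = redact(text)
    if RESIDUAL.search(redacted):
        raise RedactionLeak("digit run survived redaction; page withheld")
    return redacted, counts

# Constructed sample page text (not from any real portal).
SAMPLE_PAGE = (
    "Welcome back. Checking account 000123456789, routing 999999999. "
    "Available balance: $4,210.77. SSN on file: 123-45-6789. "
    "Contact: (555) 010-2368 or jane@example.com. Statement date 01/15/2025."
)
# Constructed edge case: no word boundary before the digits, so the ACCOUNT
# rule misses it and only the residual check stops it.
LEAKY_PAGE = "Reference ACCT000123456789 is pending."

if __name__ == "__main__":
    print(safe_for_model(SAMPLE_PAGE))
```

The residual check is the important part: a rule list will always have gaps, so the pipeline should refuse to forward text it cannot prove clean rather than trust that every pattern matched.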

Telemetry

We collect minimal operational metadata to monitor app health and debug issues:

  • Event types (sync_completed, login_failed): Monitoring
  • Error category (safe enum, not raw message): Debugging
  • Document counts and byte totals: Analytics
  • Anonymous device ID, app version, platform: Metrics
  • Redacted app logs: Debugging (auto-deleted after 48h)

No financial data, credentials, document content, or PII is ever included in telemetry.

FAQ

Where are my credentials stored?

Encrypted with your OS keychain (macOS Keychain or Windows Credential Store) and stored in a local database on your device. They never leave your machine.

Do you ever see my bank statements or documents?

No. PDFs, statements, and invoices download directly from your financial portal to your local file system. They are never uploaded to our servers.

What does the AI actually see?

Only redacted page content. Account numbers, SSNs, balances, phone numbers, emails, and other sensitive patterns are scrubbed or masked client-side before anything is sent to the AI.

Does Sapoto share my personal browser profile?

No. Sapoto uses its own isolated environment. No cookies, extensions, or sessions carry over from your personal setup.

Full Architecture Guide

For a complete technical deep-dive including data flow diagrams, data classification tables, and detailed architecture documentation, see the full Security & Privacy Architecture page.

© 2026 Sapoto. All rights reserved.