How Talio Keeps Your Financial Data Private
Accountants and business owners working with bank statements handle sensitive financial data — account numbers, transaction amounts, vendor names, payroll details. Any tool involved in that workflow must be transparent about where data goes and how it is protected.
This article explains Talio’s data architecture, what is stored, what is not, and the security measures in place at each step.
Transaction Data Stays in Your Google Sheet
When a bank statement is imported through Talio, the extracted transactions are written directly to the user’s Google Sheet. Talio does not maintain a database of transaction data. No bank statement content is stored on our servers.
The spreadsheet resides in the user’s Google Drive, governed by their existing access controls and sharing policies. Deleting the sheet removes the data entirely — there is no secondary copy to manage.
The Import Process
The data flow during a bank statement import is as follows:
- File selection — The user selects a PDF, CSV, or Excel file in the Talio sidebar within Google Sheets
- Server-side processing — The file is transmitted to the Talio API, where it undergoes text extraction, layout identification, and data normalization
- Results returned — The parsed transactions are sent back to the Google Sheets add-on
- Sheet population — The add-on writes the normalized data (dates, descriptions, amounts) into the spreadsheet
- No retention — The file content is not retained on our servers after processing is complete
The API performs stateless processing — it extracts, normalizes, and returns. It does not persist the input or output.
AI Assistant and Data Privacy
Talio includes an AI assistant for transaction categorization, tag rule suggestions, and spending analysis. Given that financial data is involved, this warrants detailed explanation.
Enterprise AI Infrastructure
Talio uses Google Cloud Vertex AI — Google’s enterprise AI platform. This is distinct from the consumer Gemini application available at gemini.google.com.
| | Consumer Gemini | Vertex AI (Talio) |
|---|---|---|
| Customer data used to train models | Yes (free tier) | No |
| Enterprise SLA | No | Yes |
| Data governance commitments | No | Yes |
| Compliance certifications | No | SOC 2, ISO 27001, HIPAA-eligible |
| Data residency controls | No | Yes |
Google Cloud’s commitment is explicit: customer data submitted to Vertex AI is not used to train or improve foundation models. This is documented in Google Cloud’s AI/ML Privacy Commitment and Data Governance documentation.
Data Handling During AI Requests
When a user interacts with the AI assistant, transaction data (dates, descriptions, amounts, tags) is included as context for the current request. This data is:
- Encrypted with AES before leaving the Google Sheets add-on
- Decrypted on the Talio API server, which forwards the request to Vertex AI
- Not stored by Google for model training, per Vertex AI’s enterprise data governance policies
- Not persisted on Talio’s servers — only the user’s chat messages are retained for conversation continuity, not the underlying transaction data
Transaction data is available to the AI model for the duration of a single request. It is not retained afterward.
Data We Store
For full transparency, the following data is stored by Talio:
- Email address — Account identification and credit management
- Chat conversation history — Up to 50 recent messages exchanged with the AI assistant, retained to provide conversational context across sessions. This includes the user’s messages and AI responses, not the raw transaction data sent as context
- User profile — Business type and role (e.g., “restaurant” and “business owner”), used to tailor the AI assistant’s analysis
- Credit usage records — AI credit consumption tracking
- Payment records — Stripe transaction identifiers for credit purchases
No bank statements, transaction data, or account numbers are stored.
What We Do Not Do
- We do not sell user data — under any circumstances
- We do not use financial data for model training — neither Talio nor Google Cloud uses customer data submitted through Vertex AI for this purpose
- We do not store bank statements or transaction data — all financial data resides exclusively in the user’s Google Sheet
- We do not access the user’s Google Drive — the add-on operates under the `spreadsheets.currentonly` OAuth scope, limiting access to the spreadsheet in which it is installed
Google Sheets as the Data Layer
Leveraging Google Sheets as the primary data layer provides inherent privacy and security benefits:
- User-controlled access — Google Sheets provides granular sharing permissions and audit logging
- User-controlled retention — Deleting the spreadsheet removes the data completely, with no deletion request required
- Google’s security infrastructure — Data in Google Sheets is protected by encryption at rest, encryption in transit, and Google’s SOC 2/3 and ISO 27001 certified infrastructure
- No vendor lock-in — Data is stored in a standard spreadsheet format and can be exported at any time
Considerations for Accounting Firms
For accountants managing client financial data under professional confidentiality obligations:
- Client transaction data remains in the Google Sheet under the firm’s Google Workspace, subject to the firm’s access and retention policies
- AI-powered analysis is conducted through enterprise-grade Vertex AI, backed by Google Cloud’s contractual data protection commitments
- No client financial data is stored on Talio’s infrastructure — firms can assure clients that their data is not held in any third-party database
- Add-on access is scoped to the current spreadsheet — Talio cannot access other files in the user’s Google Drive
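The limit to the current spreadsheet, stated here and under "What We Do Not Do", comes down to which OAuth scopes an add-on requests. As an added example (not Talio's code), this JavaScript audits a parsed Apps Script manifest for scopes broader than `spreadsheets.currentonly`; both manifests are constructed for illustration, and `auditManifestScopes` is a hypothetical helper name.

```javascript
const BASE = 'https://www.googleapis.com/auth/';
const CURRENT_ONLY = BASE + 'spreadsheets.currentonly';

// Scopes that reach beyond the spreadsheet the add-on is opened in.
const BROAD_SCOPES = {
  [BASE + 'spreadsheets']: 'read/write access to every spreadsheet of the user',
  [BASE + 'spreadsheets.readonly']: 'read access to every spreadsheet of the user',
  [BASE + 'drive']: 'full access to all Drive files',
  [BASE + 'drive.readonly']: 'read access to all Drive files',
};

// Audits a parsed appsscript.json manifest (hypothetical helper).
function auditManifestScopes(manifest) {
  const scopes = manifest.oauthScopes;
  if (!Array.isArray(scopes) || scopes.length === 0) {
    // Without an explicit list, Apps Script derives scopes from the code,
    // so the grant cannot be confirmed from the manifest alone.
    return {
      currentOnly: false,
      externalRequests: false,
      findings: ['no explicit oauthScopes: scopes are auto-detected'],
    };
  }
  const findings = scopes
    .filter((s) => Object.prototype.hasOwnProperty.call(BROAD_SCOPES, s))
    .map((s) => `${s}: ${BROAD_SCOPES[s]}`);
  return {
    // True only if the narrow scope is present and nothing broader is.
    currentOnly: scopes.includes(CURRENT_ONLY) && findings.length === 0,
    // This scope lets the script call external services such as an API,
    // so it shows where sheet data can be sent, not what can be read.
    externalRequests: scopes.includes(BASE + 'script.external_request'),
    findings,
  };
}

// Constructed manifests for illustration; neither is Talio's actual manifest.
const narrowManifest = {
  oauthScopes: [
    CURRENT_ONLY,
    BASE + 'script.container.ui',
    BASE + 'script.external_request',
  ],
};
const broadManifest = {
  oauthScopes: [BASE + 'spreadsheets', BASE + 'drive.readonly'],
};

console.log(auditManifestScopes(narrowManifest));
console.log(auditManifestScopes(broadManifest));
```

A passing result confirms only what the add-on can read; the `externalRequests` flag is the reminder that data from the current sheet can still be sent to a server, which is the part covered by the vendor's retention commitments.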
Summary
Talio’s architecture is designed around a core principle: financial data belongs to the user and remains under their control. Transaction data is processed when requested — during PDF imports and AI analysis — and the results are written to the user’s Google Sheet. No copies are retained, no models are trained on the data, and no data is shared with third parties.