Security & data practices
Your statements are your business.
Blotter exists to give you clarity about your own money. Here is exactly how the data that makes that possible is handled.
Your documents
Statements and packets are stored in a private bucket, scoped to your account. Nothing you upload is ever public.
Public marketing (including the live demo on the homepage) runs on synthetic sample data only. Real statements never appear outside your account.
Your sign-in
Authentication is handled by Clerk, a dedicated identity provider. Blotter never sees or stores your password.
When auth is not configured, the application fails closed: the marketing pages serve, the app does not.
Your bank
Bank connections go through Plaid; Blotter never sees your bank credentials.
Plaid access tokens are sealed with AES-256-GCM before they touch the database, and bank access is read-only, used solely to match owner draws to the deposits that actually landed.
Shared links
CPA share links and PM scorecards use unguessable tokens, carry read-only views, and are revocable by you at any time.
Shared scorecards are anonymous by construction. Your name and addresses stay off them.
The browser extension
The sync extension pairs to your account with a token you can revoke from the app at any moment: a one-click kill switch.
It only talks to Blotter, and only sends the statement files you can see it capture.
Benchmarks
Cross-owner statistics (like typical fees) are aggregated, anonymized, and only shown once enough independent owners contribute that no one can be singled out, as described in the Terms.
Your data is never used against you or handed to your property manager. Findings become your questions, on your schedule.
Your exit
The books are yours: reports, Schedule E, CSVs, and the full tax package can be exported at any time, on any plan.
Cancel from the self-serve billing portal whenever you like: no email, no call.
Full details in the Terms.