Password-protected statements need a careful flow: detect encryption, ask for the password, unlock only for processing, never log the password, and give clear retry errors.
The converter should detect when the PDF is encrypted before trying extraction. If a password is required, the user should see a specific password prompt instead of a generic conversion failure.
Passwords should be used only to decrypt the file for processing. They should not be stored in browser storage, analytics, logs, database rows, or exported files.
Wrong passwords should return a clear retry message. Corrupt PDFs should show a different message so users do not keep trying a correct password against an unreadable file.
If the PDF unlocks but contains scanned pages, the workflow should continue through OCR rather than silently returning zero transactions.
Once unlocked, the parser should treat the statement like any other bank PDF: detect the bank, extract rows, normalize dates and amounts, verify balances, preview transactions, and then export.
Loading interactive converter… Try ClearlyLedger free