I built a bank statement converter that uses Intel TDX enclaves to process PDFs in hardware-encrypted memory. The key difference: neither I (the service provider) nor the cloud host can access the data being processed.
The problem: Every bank statement converter requires you to trust that they won't look at your financial data. Even "we don't store it" is just a policy promise.
The approach: Intel TDX creates isolated execution environments inside the CPU where:
Data is processed in encrypted memory
The service provider literally cannot access the memory contents
Remote attestation provides cryptographic proof the code is unmodified
Data exists only during processing (seconds), then RAM is wiped
Why it matters:
Forensic accountants processing divorce/litigation cases
Mortgage lenders doing income verification
Anyone who doesn't want their net worth visible to a SaaS provider
Honest question for HN: Is this overkill, or is "trust us" fundamentally broken for financial document processing?
I built a bank statement converter that uses Intel TDX enclaves to process PDFs in hardware-encrypted memory. The key difference: neither I (the service provider) nor the cloud host can access the data being processed. The problem: Every bank statement converter requires you to trust that they won't look at your financial data. Even "we don't store it" is just a policy promise. The approach: Intel TDX creates isolated execution environments inside the CPU where:
Data is processed in encrypted memory The service provider literally cannot access the memory contents Remote attestation provides cryptographic proof the code is unmodified Data exists only during processing (seconds), then RAM is wiped
Why it matters:
Forensic accountants processing divorce/litigation cases Mortgage lenders doing income verification Anyone who doesn't want their net worth visible to a SaaS provider
Honest question for HN: Is this overkill, or is "trust us" fundamentally broken for financial document processing?