Privacy Policy

1. Introduction

ConvertBank Statement Converter ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our bank statement conversion service at convertbank-statement.com.

By using our service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

• Email address
• Name (optional)
• Payment information (processed securely through Stripe)

2.2 Bank Statement Data

When you upload bank statements for conversion, we temporarily process:

• PDF files containing bank statements
• Transaction data extracted from statements
• Account numbers and financial information (automatically redacted)

Important: We do not store your bank statements or transaction data after conversion. All files are processed in memory and immediately deleted after conversion is complete.

2.3 Usage Information

We automatically collect:

• Number of conversions performed
• Conversion timestamps
• Browser type and version
• Device information
• IP address

3. How We Use Your Information

We use your information to:

• Provide and maintain our bank statement conversion service
• Process your payments and manage subscriptions
• Send you service-related communications
• Monitor usage limits based on your subscription tier
• Improve our service and develop new features
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Data Storage and Security

4.1 Bank Statement Processing

Your bank statements are:

• Processed entirely in memory on secure servers
• Never stored on our servers or databases
• Automatically deleted immediately after conversion
• Transmitted using industry-standard encryption (TLS 1.3)

4.2 Account Data

Your account information is:

• Stored in encrypted databases (Supabase with PostgreSQL)
• Protected with industry-standard security measures
• Accessible only to authorized personnel
• Regularly backed up for disaster recovery

4.3 Payment Information

Payment processing is handled entirely by Stripe, our PCI-DSS compliant payment processor. We do not store your credit card information on our servers.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

• Service Providers: Stripe (payment processing), Supabase (database hosting), Vercel (web hosting)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Your Rights (GDPR & UK GDPR)

As a UK-based service, we comply with the UK General Data Protection Regulation (UK GDPR). You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Restrict processing of your personal data
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing of your personal data
• Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at privacy@convertbank-statement.com

7. Data Retention

• Bank Statements: Never stored (deleted immediately after conversion)
• Account Data: Retained while your account is active
• Usage Logs: Retained for 12 months for fraud prevention
• Payment Records: Retained for 7 years for tax compliance

You can request account deletion at any time, which will remove all personal data except records required for legal compliance.

8. Cookies and Tracking

We use essential cookies to:

• Maintain your session while logged in
• Remember your preferences
• Analyze website usage (anonymized)

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

9. Third-Party Services

Our service integrates with:

• Stripe: Payment processing (Stripe Privacy Policy)
• Supabase: Database hosting (Supabase Privacy Policy)
• Vercel: Web hosting (Vercel Privacy Policy)

These services have their own privacy policies and we recommend reviewing them.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the UK ICO
• Adequacy decisions recognized by UK law
• Binding Corporate Rules where applicable

11. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending an email notification for material changes

Your continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: