Privacy Policy

Last updated: January 2025

1. Introduction

StatementConverter ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our bank statement conversion service.

2. Information We Collect

Account Information

  • Email address and name when you create an account
  • Profile information from OAuth providers (if applicable)
  • Account preferences and settings

Payment Information

  • Payment details processed securely through Stripe
  • Billing address for tax compliance
  • Transaction and invoice history

Usage Data

  • Log data including IP address and browser information
  • Processing history and feature usage
  • Performance metrics for service improvement

Document Processing

Your bank statements are processed in-memory only. We do not permanently store any financial data from your documents. All document content is deleted immediately after processing.

3. How We Use Your Information

  • To provide and maintain our service
  • To process your transactions
  • To send you service-related communications
  • To improve our service and develop new features
  • To comply with legal obligations

4. Data Security

We implement industry-standard security measures to protect your information:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance
  • Automatic deletion of processed documents

5. Data Retention

We retain your data only as long as necessary to provide our services and comply with legal obligations:

  • Financial documents: Immediate deletion after processing
  • Processing metadata: 90 days (free tier) or 1 year (premium)
  • Account information: Until account deletion
  • Payment records: 7 years for tax compliance
  • Audit logs: 7 years (anonymized after 2 years)

6. Third-Party Services

We use the following third-party services:

  • Stripe: Payment processing
  • Vercel: Application hosting
  • DigitalOcean: Infrastructure services
  • OpenAI/Anthropic: Optional AI enhancement (only with user consent)

These services have their own privacy policies and data handling practices.

7. Your Rights

Under GDPR and other privacy laws, you have the following rights:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to certain processing
  • Restrict processing in certain circumstances

You can exercise most of these rights through your Privacy Center at /privacy-center. For complex requests, contact us at statementconverterxyz@gmail.com.

8. GDPR Compliance

For users in the European Economic Area (EEA), we comply with GDPR requirements:

  • Lawful basis for processing
  • Data minimization
  • Purpose limitation
  • Data subject rights
  • Privacy by design

9. Children's Privacy

Our service is not intended for children under 18. We do not knowingly collect personal information from children under 18.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Contact Information

For privacy-related questions or requests, please contact us:

  • Email: statementconverterxyz@gmail.com
  • GDPR Requests: statementconverterxyz@gmail.com
  • Security Issues: statementconverterxyz@gmail.com

If you're not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.