Privacy Policy
Last updated: July 10, 2026
Our privacy principle
BankStatementX is built on data minimization: we collect the least amount of information needed to run the service, we never store your bank statements, and we never sell or share your data with advertisers or data brokers.
1. Information We Collect
Documents you upload
When you convert a statement, the file is transmitted over an encrypted connection (TLS), processed in memory, and deleted immediately after the conversion completes. We do not store, back up, index, or review the contents of your statements. The converted output is delivered to you and not retained on our servers.
Account information
When you create an account we store your email address and, if you sign in with Google, your name and profile image as provided by Google. We never see or store your password — sign-in is handled via Google OAuth or one-time magic links.
Usage data
We keep minimal operational records — such as the number of pages converted against your plan quota, timestamps, and aggregate error rates — to operate billing and improve reliability. These records do not include the contents of your documents.
2. How We Use Information
- To provide and operate the conversion service.
- To authenticate you and secure your account.
- To process subscription billing and enforce plan quotas.
- To send transactional emails (magic links, receipts, important service notices). Marketing emails are opt-in only.
- To detect abuse and maintain the security of the Service.
3. What We Never Do
- We never sell your personal data.
- We never share your documents or their contents with third parties.
- We never use your financial documents to train models or build profiles.
- We never ask for your bank login credentials.
4. Service Providers
We rely on a small number of infrastructure providers to run the Service — hosting, payment processing, and transactional email delivery. Each provider processes only the data required for its function under contractual confidentiality obligations. Payment card details are handled entirely by our payment processor and never touch our servers.
5. Cookies
We use strictly necessary cookies for authentication (keeping you signed in) and remembering your theme preference. We do not use third-party advertising or cross-site tracking cookies.
6. Data Retention
- Uploaded statements: deleted immediately after conversion (within seconds).
- Account data: kept while your account is active; deleted within 30 days of account deletion.
- Billing records: retained as required by tax and accounting laws.
7. Security
All traffic is encrypted in transit with TLS 1.2+. Files are processed in isolated memory and never written to persistent storage. Access to production systems is restricted, logged, and protected with multi-factor authentication. No method of transmission is 100% secure, but we design every part of the pipeline to minimize exposure of your data.
8. Your Rights
Depending on your location (including under GDPR and CCPA), you have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can delete your account at any time from your account settings, or contact us and we will action your request within 30 days. We do not discriminate against you for exercising your privacy rights.
9. International Transfers
If your data is transferred outside your jurisdiction, we rely on appropriate safeguards such as Standard Contractual Clauses to protect it.
10. Children
The Service is not directed to children under 18, and we do not knowingly collect personal information from them.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be announced by email or an in-product notice before they take effect. The "Last updated" date at the top reflects the latest revision.
12. Contact
Privacy questions or requests: support@bankstatementx.com.