Privacy Policy

BankConvert is a web application that converts bank statement PDFs into structured CSV and Excel files. References to "we", "us", or "our" refer to the operators of BankConvert.

**Registered users:** When you create an account we collect your email address, first name, and last name. We also store metadata about the documents you upload (file name, page count, detected bank, processing status) and your subscription status if you subscribe to a paid plan.

**Guest users:** We do not require an account for a limited number of free conversions. We store your IP address solely to enforce daily and monthly usage limits. This record is kept to prevent abuse and is not linked to any personal identity.

**Uploaded files:** Bank statement PDFs are uploaded to process transactions. For authenticated users, processed results (transaction data) are stored so you can access your history. Raw PDF files are not permanently stored — they are processed in memory and then discarded.

We use the information we collect to: - Provide, operate, and improve the service - Authenticate your account and maintain your session - Enforce usage limits for guest and free-tier accounts - Process payments and manage subscriptions (via Stripe — see section 5) - Respond to support requests when you contact us

**Uploaded PDFs:** Not stored permanently. Files are read into memory for processing and are not written to persistent storage.

**Transaction data:** Stored in your account as long as your account exists, so you can revisit and re-download previous conversions. You can delete individual documents at any time from your dashboard.

**Account data:** Retained while your account is active. You may request deletion at any time by contacting us.

**Guest IP records:** Retained for a rolling 90-day period and then automatically purged.

**Stripe:** We use Stripe to process payments and manage subscriptions. When you subscribe, Stripe receives your payment details. We do not store credit card numbers. Stripe's privacy policy governs the handling of your payment information.

**Supabase:** We use Supabase as our database and file storage provider. Data is hosted in the EU region. Supabase's data processing agreement applies.

**Netlify:** The application is hosted on Netlify. Server logs and function logs are subject to Netlify's data retention policies.

We do not sell, rent, or share your personal data with any third party for marketing purposes.

We use a session cookie issued by NextAuth.js to keep you logged in. We do not use advertising cookies or third-party tracking pixels. No analytics scripts collect personal identifiers.

Depending on your location you may have rights including: - **Access:** Request a copy of the data we hold about you - **Correction:** Ask us to correct inaccurate data - **Deletion:** Ask us to delete your account and associated data - **Portability:** Request your transaction data in a machine-readable format

To exercise any of these rights, contact us via the form at /contact.

We implement industry-standard measures including HTTPS encryption in transit, environment-variable-managed secrets (no credentials in source code), and row-level security on our database. No system is perfectly secure; if you discover a vulnerability please contact us.

BankConvert is not directed at children under 16. We do not knowingly collect data from minors. If you believe a minor has provided us data, please contact us so we can delete it.

We may update this policy from time to time. When we make significant changes we will update the "last updated" date below and, where appropriate, notify registered users by email.

For privacy-related questions or data requests, please use the contact form at bankconvert.io/contact or email us directly.