Privacy Policy

At StatementPro, we are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, process, and safeguard your data when you use our bank statement conversion service.

Important: By using our service, you acknowledge that we process highly sensitive financial data. While we implement strong security measures, no system is 100% secure. You use our service at your own discretion regarding data security and privacy.

This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws. If you are located in the EEA, UK, or Switzerland, you have additional rights as detailed in this policy.

We use your information to:

• Provide and maintain our bank statement conversion service
• Process your uploaded documents and extract transaction data
• Authenticate your identity and secure your account
• Communicate with you about your account and service updates
• Improve our service quality and develop new features
• Ensure security and prevent fraud or abuse
• Comply with legal obligations and respond to legal requests

We process your personal data based on the following legal grounds:

• Contract Performance (Art. 6(1)(b) GDPR): Processing bank statements to provide conversion services
• Legitimate Interest (Art. 6(1)(f) GDPR): Service improvement, security, fraud prevention, and analytics
• Consent (Art. 6(1)(a) GDPR): Marketing communications and optional features (where applicable)
• Legal Obligation (Art. 6(1)(c) GDPR): Compliance with applicable laws and regulations

For sensitive financial data processing, we rely on your explicit consent under Article 9 of the GDPR, which you provide when uploading documents for processing.

5.1 Temporary Processing

Security Notice: While we implement industry-standard security measures, we cannot guarantee absolute security. Data breaches, system failures, or unauthorized access may occur despite our best efforts. Our minimal retention policy significantly reduces exposure risk compared to services that store documents long-term.

5.2 Data Encryption and Security

• All data encrypted in transit using TLS 1.3 or higher
• Data encrypted at rest using AES-256 encryption
• Multi-factor authentication for administrative access
• Regular security audits and penetration testing
• Access controls and employee background checks
• Automated monitoring for suspicious activity

5.3 Data Retention and Deletion Policy

• Original PDF Files: Processed immediately upon upload, automatically deleted within 24-48 hours maximum
• Extracted Transaction Data: Available for download and format conversion for 24-48 hours, then permanently deleted
• Processing Metadata Only: File hash, processing timestamp, accuracy score retained for analytics (no sensitive data)
• Re-processing: Simply re-upload your document if you need additional export formats after retention period
• Account Information: Basic profile data retained until account deletion
• Usage/Error Logs: Anonymized logs retained for 90 days for security and service improvement
• Payment Information: Retained as required by law and payment processors (no bank statement data)

5.4 Data Breach Notification

In the event of a data breach affecting personal data, we will:

• Notify relevant supervisory authorities within 72 hours (where required by law)
• Notify affected users without undue delay if high risk to rights and freedoms
• Provide clear information about the nature and extent of the breach
• Offer guidance on protective measures users can take

7.1 GDPR Rights (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

• Right of Access (Art. 15): Request access to your personal data we hold
• Right to Rectification (Art. 16): Request correction of inaccurate personal data
• Right to Erasure (Art. 17): Request deletion of your personal data ("Right to be Forgotten")
• Right to Restrict Processing (Art. 18): Request limitation of processing under certain conditions
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your local supervisory authority

7.2 CCPA Rights (California Residents)

If you are a California resident, you have additional rights under the CCPA:

• Right to Know: Request information about personal information collected, used, or shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising rights

7.3 Exercising Your Rights

To exercise these rights, contact us at gdpr@convertbanktoexcel.com or privacy@convertbanktoexcel.com. We will:

• Respond within one (1) month for GDPR requests (extendable by 2 months for complex cases)
• Respond within forty-five (45) days for CCPA requests (extendable by additional 45 days)
• Verify your identity before processing requests
• Provide responses free of charge (except for excessive or manifestly unfounded requests)

7.4 Limitations on Rights

Your rights may be limited in certain circumstances, including:

• Legal obligations or legitimate interests that override your rights
• Protection of others' rights and freedoms
• Freedom of expression and information
• Compliance with legal or regulatory requirements
• Defense of legal claims