What a bank statement converter should store, and what it should not
By Arron Child, reviewed by Arron Child. Updated 15 July 2026.
A bank statement is close to a complete biography: income, rent, health spending, location history through card payments. Any tool that touches one should be judged on a simple question: what does it keep? Here is a concrete checklist for evaluating a converter, including this one.
What a converter genuinely needs
To convert a statement, software needs the document, momentarily, wherever the parsing runs, plus nothing else. Everything beyond that is a product choice, not a technical necessity:
- It does not need the file on a server; parsing can run in the browser.
- It does not need to keep the file after conversion.
- It does not need your transactions to bill you; a count of exports suffices.
- It does not need your email address to show you a preview.
Questions to ask any converter
- Where does parsing run? "In your browser" is verifiable: open the network panel and convert; no request should carry the document. "On our secure servers" means the statement leaves your custody, whatever the adjectives.
- What is stored, and for how long? Look for a concrete data-boundary list, not a privacy policy that reserves everything. Retention with no stated period means indefinitely.
- What appears in analytics and logs? Filenames alone can leak client identities ("smith-and-co-jan-statement.pdf"). Descriptions and amounts in error logs are a breach waiting for an export.
- Can support staff see my statement? The honest best answer is that they cannot, because it was never uploaded.
- What happens on deletion? Account deletion should remove conversion metadata, with only legally required billing records retained.
What this site stores, for the record
The statement, its rows, your corrections, and the exported file exist only in your browser tab and are cleared on refresh, sign-out, or 30 minutes of inactivity. Our backend sees account identity, credit balance, payment references, and anonymous conversion metadata: bank, layout, page and row counts, verification status, timing. Never document bytes, filenames, descriptions, dates, amounts, or balances. The full boundary is published on the security page, and it is written so you can test the claim rather than trust it.
The professional angle
Under UK GDPR, a bookkeeper converting client statements is processing personal data, and tool choice is part of your accountability. A converter that never receives the data is the easy end of a data protection impact conversation; one that stores statements indefinitely on foreign servers is not.
General information, not legal advice. Reviewed 15 July 2026.