Privacy policy

Last updated 15 July 2026. Draft pending legal review before paid launch.

The short version

Your bank statements are processed inside your browser and are never uploaded to us. We hold the minimum needed to run accounts and billing: who you are, what you bought, and anonymous conversion metadata. We do not sell data, run advertising, or use statement content for anything, because we never receive it.

Data that stays on your device

Statement PDFs, rendered pages, transaction rows, descriptions, dates, amounts, balances, your corrections, and exported CSV or Excel files exist only in your browser’s memory during a session. They are cleared when you clear the converter, close or refresh the tab, sign out, or after 30 minutes of inactivity. They are not written to cookies, localStorage, or IndexedDB, and they are never transmitted. The technical detail is on the security page.

Data we process as a controller

  • Account data: your email address and authentication identifiers, managed through Clerk, kept while your account exists.
  • Billing data: purchases, credit balance, and Stripe payment references (never card numbers, which Stripe alone handles), kept as required for accounting and tax law.
  • Conversion metadata: for each export, a random conversion ID, bank and layout ID, parser version, page and row counts, verification status, flag counts, and a processing-time bucket. Retained 90 days for signed-in users, then aggregated and deleted. This metadata cannot reconstruct any statement content.
  • Support messages: what you send us, kept as long as needed to resolve the issue. Please never attach statements to support messages.

Lawful bases: performing our contract with you (accounts, billing, support), legitimate interests (service integrity, fraud prevention, aggregate product metrics), and legal obligation (tax and accounting records).

Subprocessors

  • Vercel (hosting and content delivery)
  • Convex (application database: accounts, credits, metadata)
  • Clerk (authentication)
  • Stripe (payments; the only party that sees card details)
  • Resend (transactional email)

Each processes only the categories above; none ever receives statement content. Where processing occurs outside the UK, transfers rely on the providers’ standard contractual clauses and UK addendum terms.

Analytics

Public marketing pages use privacy-minimised, cookie-free page analytics. The converter and signed-in pages carry no analytics scripts, no session replay, and no heatmaps. Product events follow a typed allowlist (for example “preview completed” with a page-count bucket) that structurally cannot contain document content.

Your rights

Under UK GDPR you can request access, correction, deletion, restriction, and portability of the personal data we hold, and object to processing based on legitimate interests. Account deletion is self-service in settings: it removes your profile and conversion metadata immediately and retains only legally required billing records with identifiers minimised. You can complain to the ICO (ico.org.uk) if you believe we have mishandled your data.

Contact: support@ukbankconv.com.