Privacy Policy

Convert Statement ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our bank statement conversion service at convertstatement.online ("Service").

We comply with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), and applicable data protection laws of India.

By using our Service, you consent to the practices described in this Policy.

We collect only what is necessary to provide the Service:

Account Information - Email address and name (provided during registration) - Hashed password (we never store your plain-text password) - Account creation date and subscription tier

PDF Bank Statements - You upload PDF files for processing. These files are processed entirely in memory and are permanently deleted from our servers immediately after the conversion is complete. We never write your PDF to disk, store it in a database, or retain it beyond the current processing session.

Transaction Data - Extracted transaction data (dates, amounts, descriptions) is returned to you and is not stored on our servers after your session ends.

Usage & Technical Data - Page count of documents processed (for billing purposes) - Number of documents converted (for plan limits) - Approximate processing time - IP address and browser/device type (collected automatically for security)

Payment Information - We do not store any card numbers, UPI IDs, or bank account details. All payment processing is handled by Razorpay, which is PCI-DSS compliant. We receive only a transaction reference ID and payment status.

We use the information we collect to:

- Provide, operate, and improve the Service - Process your bank statement PDFs and return converted data - Track usage against your plan limits (free pages, monthly allotment) - Process payments and manage your subscription - Send transactional emails (account verification, receipts, password reset) - Detect and prevent fraud or abuse - Comply with legal obligations

We do not use your financial data for advertising, profiling, or any purpose other than providing the conversion service you requested.

We explicitly do not:

- Store your uploaded PDF bank statements after processing - Store extracted transaction data on our servers - Share your financial data with third parties (other than as required for payment processing) - Sell, rent, or trade your personal information - Use your bank statement data to train AI/ML models - Share your data with advertisers or marketing companies

Your financial documents belong to you. Once processing is complete, they are gone from our systems.

We share data only with trusted service providers required to operate the Service:

Razorpay — Payment processing (PCI-DSS Level 1 certified). Razorpay's Privacy Policy governs data shared during payment transactions.

Anthropic (Claude AI) — When processing scanned or image-based PDFs, we may send the PDF content to Anthropic's API for AI-powered text extraction. This is done under Anthropic's data processing agreement and their API data is not used to train models.

Hosting Infrastructure — Our servers are hosted on secure cloud infrastructure. We maintain data processing agreements with all infrastructure providers.

We do not sell your data to any third party under any circumstances.

We implement industry-standard security measures:

- All connections use TLS 1.3 encryption (HTTPS) - Passwords are hashed using bcrypt with a work factor of 12 - Session tokens use 256-bit HMAC-signed JWTs with 30-day expiry - PDF files are processed in memory — never written to disk - Payment data flows only through Razorpay's PCI-DSS certified systems - Regular security audits and vulnerability assessments

While we implement robust protections, no system can guarantee 100% security. We encourage you to use a strong unique password and to log out after each session.

We retain different data for different periods:

- Account information — Retained for the lifetime of your account. Deleted within 30 days of account closure. - PDF files — Not retained. Deleted immediately after processing. - Transaction data — Not retained after the session ends. - Billing records — Retained for 7 years as required by Indian GST and accounting laws. - Usage logs (page counts, document counts) — Retained for the duration of your account for billing purposes.

You may request deletion of your account and all associated data at any time by contacting us.

Under applicable Indian and international data protection laws, you have the right to:

- Access — Request a copy of the personal data we hold about you - Correction — Request correction of inaccurate personal data - Deletion — Request deletion of your account and associated personal data - Portability — Receive your account data in a machine-readable format - Opt-out — Unsubscribe from promotional emails at any time

To exercise any of these rights, email us at privacy@convertstatement.online. We will respond within 30 days.

We use minimal, essential cookies only:

- Session cookie (bs_token) — An HttpOnly, secure JWT cookie used to keep you logged in. Expires after 30 days. - Usage cookie (bs_pages_used) — Tracks free page usage for anonymous users. Expires after 1 year. - Payment cookie (bs_payg_cleared) — A short-lived cookie (30 minutes) confirming a PAYG payment was verified before allowing file processing.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies.

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us personal information, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice on our website. Continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Policy.

The date this Policy was last updated is shown at the top of this page.

For privacy-related questions, requests, or concerns, please contact our Privacy Officer:

Email: privacy@convertstatement.online Subject line: Privacy Inquiry

We are committed to resolving complaints about our collection or use of your personal information. We will respond within 30 business days.