Privacy Policy
Who We Are
BankStatementHive ("we", "us", "our") is the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, contact us at [email protected].
Data We Collect
Email Address
When you create an account or sign in, we ask for your email address. We use it to send you a one-time login code and, occasionally, transactional messages related to your account (such as payment confirmations).
We do not send marketing emails.
Payment Data
Payments are processed by Stripe. When you purchase credits, you enter your card details directly on Stripe's secure checkout page. We never see, receive, or store your card number, CVV, or billing address.
We do receive a record of successful payments from Stripe so we can credit your account.
Uploaded Bank Statement Files
When you upload a PDF bank statement, the file is processed entirely in memory. It is never written to disk or stored in any database. Once processing is complete and your converted file is ready for download, the original upload is discarded. We have no copy of your bank statement files.
Analytics
We use Umami for website analytics. Umami is self-hosted on our own infrastructure — no data is sent to any third-party analytics service. Umami collects anonymised data only (page views, referrer, browser type, country-level location) and does not track individuals or use cookies.
How We Use Your Data
We use the data we collect to:
- Provide the service — process your bank statement files and deliver converted outputs
- Manage your account — authentication, credit balance, purchase history
- Send transactional messages — login codes, payment receipts
- Monitor service health — anonymised analytics to understand how the product is used and to fix issues
We do not sell your data, share it for advertising purposes, or use it for any purpose not listed here.
Legal Basis (GDPR)
For users in the European Economic Area, we process your data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing the service and processing payments | Performance of a contract (Art. 6(1)(b) GDPR) |
| Sending login codes and transactional emails | Performance of a contract (Art. 6(1)(b) GDPR) |
| Anonymised analytics and fraud prevention | Legitimate interests (Art. 6(1)(f) GDPR) |
Third-Party Processors
We work with a small number of carefully selected third-party services. Each processor only receives the minimum data necessary for their function.
| Processor | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email address, payment amount |
| Cloudflare | CDN, DDoS protection, transactional email sending | IP address, request metadata, email address |
| Render Services, Inc. | App server and database hosting (Frankfurt, Germany) | Email address, account data, credit balance |
For a complete, up-to-date list see our Subprocessors page.
Our analytics (Umami) is self-hosted — no data is shared with any third party for this purpose.
Data Retention
| Data | Retention period |
|---|---|
| Email address & account data | Kept for as long as your account is active |
| Uploaded bank statement files | Never stored — discarded from memory after processing |
| Payment records | Retained as required by applicable accounting and tax law |
| Anonymised analytics data | Retained indefinitely (no personal data is stored) |
You can delete your account at any time from within the app. Upon deletion, your email address and all associated account data are permanently removed. Payment records may be retained for legal compliance purposes only.
Your Rights
If you are based in the EEA, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Portability — request your data in a structured, machine-readable format
- Restriction — ask us to limit how we use your data in certain circumstances
- Objection — object to processing based on legitimate interests
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
Cookies & Tracking
We use a single session cookie to keep you logged in. This cookie is strictly necessary for the service to function and does not require consent.
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
For full details, see our Cookie Policy.
Contact & Complaints
For any privacy-related questions or requests, contact us at [email protected].
If you believe we are not handling your data in accordance with applicable law, you have the right to lodge a complaint with the relevant data protection supervisory authority in your country of residence.
Changes to This Policy
If we make material changes to this policy, we will update the "Last updated" date at the top of this page. For significant changes that affect how we use your personal data, we will notify you by email.
Continued use of BankStatementHive after changes are posted constitutes acceptance of the updated policy.