Privacy Policy

Effective Date: March 10, 2026

1. Introduction

StatementPro.ai ("Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, and protect information when you use the StatementPro.ai website, platform, APIs, and related services (collectively, the "Service").

We recognize that bank statements and financial documents contain some of the most sensitive personal and business information. Our privacy practices are designed to reflect the trust you place in us when you use our Service. We encourage you to read this Privacy Policy carefully and to visit our Security page for additional details on how we protect your data.

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy is incorporated into and subject to our Terms of Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account, we collect your name, email address, company name (if applicable), and password.
• Payment Information: When you subscribe to a paid plan, we collect billing details including your payment card number, expiration date, and billing address. Payment information is processed and stored by our PCI-compliant third-party payment processor; we do not store full payment card numbers on our servers.
• Uploaded Documents: Bank statements and other financial documents you upload to the Service for conversion.
• Communications: Information you provide when you contact our support team, submit feedback, or respond to surveys.
• Profile Information: Any additional information you choose to add to your account profile, such as job title, phone number, or preferences.

2.2 Information Collected Automatically

• Usage Data: Information about how you interact with the Service, including pages visited, features used, conversion history, file types processed, and timestamps.
• Device Information: Browser type and version, operating system, device type, screen resolution, and unique device identifiers.
• Log Data: IP address, access times, referring URLs, error logs, and server request data.
• Location Data: Approximate geographic location derived from your IP address.

2.3 Information from Third Parties

• Analytics Providers: We may receive aggregated analytics data from services such as Google Analytics.
• Authentication Services: If you sign in using a third-party service (e.g., Google Sign-In), we receive basic profile information as authorized by you.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, and maintain the Service, including processing your document conversions and delivering Output Data.
• Account Management: To create and manage your account, process payments, and provide customer support.
• Service Improvement: To understand how the Service is used, identify issues, and develop new features and improvements. We may use anonymized and aggregated data for this purpose.
• Communication: To send you transactional emails (e.g., account confirmations, conversion notifications, billing receipts), respond to your inquiries, and provide support.
• Marketing: With your consent, to send you information about new features, promotions, and updates. You may opt out of marketing communications at any time.
• Security: To detect, prevent, and address fraud, abuse, security threats, and technical issues.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

Important: We do not use the content of your uploaded financial documents for advertising, marketing profiling, AI model training, or any purpose other than providing the conversion service you requested.

4. Data Processing and Retention

4.1 Document Processing

When you upload a document, it is processed using our AI-powered extraction engine. The processing occurs on secure, encrypted servers. Your documents are:

• Encrypted in transit using TLS 1.3.
• Encrypted at rest using AES-256 encryption.
• Processed in isolated environments to prevent cross-contamination between users.
• Accessible only to you through your authenticated account.

4.2 Retention Periods

• Uploaded Documents: Retained for the duration specified in your account settings or plan tier. You may delete uploaded documents at any time through your account dashboard.
• Output Data: Retained for the same period as uploaded documents unless you download and delete them sooner.
• Account Information: Retained for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce agreements.
• Usage and Log Data: Retained for up to 24 months for analytics and security purposes, then anonymized or deleted.
• Payment Records: Retained as required by tax and financial regulations (typically 7 years).

4.3 Data Deletion

You may request deletion of your personal data at any time by contacting us at privacy@statementpro.ai. Upon account termination, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, financial record-keeping).

5. Data Security

We take the security of your data seriously and implement comprehensive technical and organizational measures to protect it, including:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access Controls: Strict role-based access controls limit employee access to user data on a need-to-know basis.
• Infrastructure Security: Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 compliance, physical security controls, and redundancy.
• Monitoring: Continuous monitoring and logging of access to detect and respond to security incidents.
• Secure Development: Regular security assessments, code reviews, and vulnerability testing.
• Incident Response: A documented incident response plan to promptly address any security breaches.

For a detailed overview of our security practices, please visit our Security page.

While we strive to protect your data using commercially reasonable measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly notifying affected users in the event of a data breach as required by applicable law.

6. Third-Party Services

We may share information with the following categories of third-party service providers, solely as necessary to operate and improve the Service:

• Cloud Infrastructure: Hosting and computing services for data storage and processing.
• Payment Processing: PCI-compliant payment processors to handle billing transactions. We do not store full credit card numbers.
• Analytics: Services that help us understand usage patterns and improve the Service (e.g., Google Analytics). These services receive anonymized or aggregated data where possible.
• Customer Support: Tools to manage support tickets and communications.
• Email Services: Transactional and marketing email delivery platforms.

We require all third-party service providers to maintain appropriate security measures and to process personal data only as instructed by us and in accordance with this Privacy Policy. We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function, including authentication, session management, and security. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with the Service so we can improve it. These collect anonymized usage data.
• Preference Cookies: Remember your settings and preferences (e.g., language, display options) to enhance your experience.
• Marketing Cookies: Used with your consent to measure the effectiveness of our advertising campaigns. We do not serve third-party behavioral advertising.

7.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, disabling essential cookies may impair your ability to use the Service. You may also manage your cookie preferences through our cookie consent banner when visiting the Service.

7.3 Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. We currently do not respond to DNT signals, as there is no industry-wide standard for compliance. We will update this policy if a standard is established.

8. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Access: The right to request a copy of the personal data we hold about you.
• Correction: The right to request correction of inaccurate or incomplete personal data.
• Deletion: The right to request deletion of your personal data, subject to certain legal exceptions.
• Portability: The right to receive your personal data in a structured, commonly used, machine-readable format.
• Restriction: The right to request that we restrict processing of your personal data under certain circumstances.
• Objection: The right to object to processing of your personal data for certain purposes, including direct marketing.
• Withdrawal of Consent: Where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@statementpro.ai. We will respond to your request within 30 days (or sooner as required by applicable law). We may need to verify your identity before processing your request.

8.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination. We do not sell or share personal information as defined under the CCPA/CPRA.

8.2 European Economic Area Residents (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing include contract performance, legitimate interests, legal obligations, and consent. You have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

The Service is not directed to individuals under the age of 18 (or the age of legal majority in their jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@statementpro.ai.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located. These countries may have data protection laws that differ from the laws of your country.

When we transfer personal data internationally, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Data processing agreements with all third-party service providers.
• Compliance with applicable data transfer frameworks.

By using the Service, you acknowledge and consent to the transfer and processing of your information as described in this section.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this page.
• Notify you via email or through a prominent notice on the Service at least 30 days before changes take effect.
• Provide you with the opportunity to review the changes before they become effective.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy Inquiries: privacy@statementpro.ai
• General Support: support@statementpro.ai
• Website: https://statementpro.ai

For information about our security measures and data protection practices, please visit our Security page. For the terms governing your use of the Service, please review our Terms of Service.