Privacy Policy
Last updated: July 14, 2026
EU Data Hosting
All data is securely hosted and processed on servers within the European Union.
1. Controller
The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is the operator of Convertisseur de Relevés Bancaires. Contact information can be found on our contact page.
2. Data Collected
When using Convertisseur de Relevés Bancaires, the following data is processed:
2.1 Account Data
- Email address (for registration and communication)
- Name (optional, for personalized communication)
- Password (stored encrypted)
2.2 Usage Data
- Uploaded documents (PDF bank statements)
- Converted files (Excel export)
- Usage statistics (pages processed per month)
2.3 Technical Data
- IP address
- Browser type and version
- Time of access
- Referrer URL
3. Purpose of Data Processing
We process your data for the following purposes:
- Providing and improving our service
- Managing your user account
- Billing and payment processing
- Communication regarding your account or service
- Ensuring the security of our systems
4. Legal Basis
The processing of your data is based on the following legal grounds:
- Art. 6(1)(b) GDPR: Contract performance (use of service)
- Art. 6(1)(a) GDPR: Consent (newsletter, optional features)
- Art. 6(1)(f) GDPR: Legitimate interests (security, improvement)
5. Data Storage and Deletion
5.1 Storage Location
All data is stored and processed on servers within the European Union. We use Supabase (with servers in Frankfurt, Germany) for data storage and Google Cloud Platform (EU region) for document processing.
5.2 Retention Period
- Uploaded documents: Optionally deleted after download or retained for later editing
- Account data: Until account deletion
- Billing data: 10 years (legal retention requirement)
- Technical logs: Maximum 30 days
6. Disclosure to Third Parties
We only share your data with third parties in the following cases:
- Payment processing: Stripe (PCI-DSS certified)
- Cloud infrastructure: Supabase, Google Cloud Platform (EU servers)
- Authentication: Supabase Auth
All third-party providers are contractually obligated to comply with GDPR. No data is shared for advertising purposes.
7. Cookies and Tracking
We only use technically necessary cookies for:
- Session management (login)
- Language settings
- Security tokens
We do not use marketing or tracking cookies. No data is transmitted to advertising networks or third-party analytics tools.
8. Your Rights
Under the GDPR, you have the following rights:
- Right of access (Art. 15 GDPR): Learn what data we store about you
- Right to rectification (Art. 16 GDPR): Correct inaccurate data
- Right to erasure (Art. 17 GDPR): Request deletion of your data
- Right to restriction (Art. 18 GDPR): Restrict processing
- Right to data portability (Art. 20 GDPR): Receive your data in machine-readable format
- Right to object (Art. 21 GDPR): Object to certain processing
To exercise your rights, please contact us through our contact form.
9. Data Security
We implement comprehensive security measures:
- SSL/TLS encryption for all data transfers
- Encrypted storage of sensitive data
- Regular security audits
- Access control and monitoring
- Automatic backups
10. Right to Complain
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your data. The competent authority depends on your residence or the registered office of the controller.
11. Changes to this Privacy Policy
We reserve the right to update this privacy policy as needed. Significant changes will be communicated to you by email. The current version is always available on this page.
12. Contact
If you have questions about data protection, please contact us through our contact form or by email. We will address your concern as soon as possible.