Privacy Policy

Last updated: July 14, 2026

EU Data Hosting

All data is securely hosted and processed on servers within the European Union.

1. Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is the operator of Convertisseur de Relevés Bancaires. Contact information can be found on our contact page.

2. Data Collected

When using Convertisseur de Relevés Bancaires, the following data is processed:

2.1 Account Data

  • Email address (for registration and communication)
  • Name (optional, for personalized communication)
  • Password (stored encrypted)

2.2 Usage Data

  • Uploaded documents (PDF bank statements)
  • Converted files (Excel export)
  • Usage statistics (pages processed per month)

2.3 Technical Data

  • IP address
  • Browser type and version
  • Time of access
  • Referrer URL

3. Purpose of Data Processing

We process your data for the following purposes:

  • Providing and improving our service
  • Managing your user account
  • Billing and payment processing
  • Communication regarding your account or service
  • Ensuring the security of our systems

4. Legal Basis

The processing of your data is based on the following legal grounds:

  • Art. 6(1)(b) GDPR: Contract performance (use of service)
  • Art. 6(1)(a) GDPR: Consent (newsletter, optional features)
  • Art. 6(1)(f) GDPR: Legitimate interests (security, improvement)

5. Data Storage and Deletion

5.1 Storage Location

All data is stored and processed on servers within the European Union. We use Supabase (with servers in Frankfurt, Germany) for data storage and Google Cloud Platform (EU region) for document processing.

5.2 Retention Period

  • Uploaded documents: Optionally deleted after download or retained for later editing
  • Account data: Until account deletion
  • Billing data: 10 years (legal retention requirement)
  • Technical logs: Maximum 30 days

6. Disclosure to Third Parties

We only share your data with third parties in the following cases:

  • Payment processing: Stripe (PCI-DSS certified)
  • Cloud infrastructure: Supabase, Google Cloud Platform (EU servers)
  • Authentication: Supabase Auth

All third-party providers are contractually obligated to comply with GDPR. No data is shared for advertising purposes.

7. Cookies and Tracking

We only use technically necessary cookies for:

  • Session management (login)
  • Language settings
  • Security tokens

We do not use marketing or tracking cookies. No data is transmitted to advertising networks or third-party analytics tools.

8. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): Learn what data we store about you
  • Right to rectification (Art. 16 GDPR): Correct inaccurate data
  • Right to erasure (Art. 17 GDPR): Request deletion of your data
  • Right to restriction (Art. 18 GDPR): Restrict processing
  • Right to data portability (Art. 20 GDPR): Receive your data in machine-readable format
  • Right to object (Art. 21 GDPR): Object to certain processing

To exercise your rights, please contact us through our contact form.

9. Data Security

We implement comprehensive security measures:

  • SSL/TLS encryption for all data transfers
  • Encrypted storage of sensitive data
  • Regular security audits
  • Access control and monitoring
  • Automatic backups

10. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your data. The competent authority depends on your residence or the registered office of the controller.

11. Changes to this Privacy Policy

We reserve the right to update this privacy policy as needed. Significant changes will be communicated to you by email. The current version is always available on this page.

12. Contact

If you have questions about data protection, please contact us through our contact form or by email. We will address your concern as soon as possible.