Privacy Policy

Effective date: March 1, 2026

Important Notice

Banksheet uses AI to extract data from financial documents. While our system achieves high accuracy for most supported formats, AI-generated output may contain errors. Users are responsible for verifying extracted data before use in financial decisions, tax filings, or accounting records.

1. Introduction

Banksheet (“we”, “us”, or “our”) operates the website banksheet.io and provides an AI-powered financial document conversion service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. Please read this policy carefully. If you disagree with its terms, please discontinue use of the service.

2. Data We Collect

We collect only the minimum data necessary to provide the service:

2.1 Account Information

When you create an account, we collect your email address. We do not collect your name, phone number, or physical address unless you voluntarily provide it to us via support channels.

2.2 Uploaded Documents

To use the conversion service you upload financial documents in PDF, JPG, or PNG format. These documents are transmitted over an encrypted HTTPS connection to our processing pipeline. Uploaded documents are not stored permanently on Banksheet servers. Files are held in memory only for the duration of the AI extraction process, then discarded.

2.3 Extracted Transaction Data

After extraction, structured transaction data (dates, descriptions, amounts) is stored in your account so you can download or review it. This data is associated with your user account and stored in our Supabase database.

2.4 Usage and Technical Data

We may collect standard server logs and usage analytics such as pages visited, conversion counts, and general device/browser information. This data is used solely to improve the service and is not linked to any identifiable individual beyond your account.

3. How Uploaded Documents Are Processed

When you upload a document, it is sent to Google’s Gemini API for AI vision extraction. Google processes the file content in order to identify and extract transaction data. Banksheet does not control Google’s data handling beyond what is governed by Google’s API terms of service, which you can review at ai.google.dev/terms.

Once extraction is complete, the raw file is not retained by Banksheet. Only the structured output (transaction rows) is stored in association with your account so that you can download results.

4. Data Retention and Auto-Purge

Banksheet provides an auto-purge feature to minimize data retention:

  • Auto-purge (24-hour): When auto-purge is enabled in your account settings, extracted transaction data is automatically deleted from our servers 24 hours after the conversion is completed.
  • Manual purge: You may delete any conversion result at any time from your dashboard, regardless of whether auto-purge is enabled.
  • Account deletion: Deleting your account removes all associated transaction data, conversion history, and account information from our databases within 30 days.

5. Third-Party Services

5.1 Supabase

We use Supabase for authentication and database storage. Your email address and extracted transaction data are stored in Supabase-managed infrastructure. Supabase is SOC 2 Type II certified and applies industry-standard security practices. See Supabase’s privacy policy at supabase.com/privacy.

5.2 Stripe

Payment processing is handled entirely by Stripe. Banksheet does not store, transmit, or have access to your full card number, CVV, or bank account details. All payment data is handled directly by Stripe’s PCI-DSS-compliant infrastructure. See Stripe’s privacy policy at stripe.com/privacy.

5.3 Google Gemini API

Uploaded documents are processed by Google’s Gemini API as described in Section 3. We do not send personally identifying information to the Gemini API beyond the contents of the documents you choose to upload.

6. Data Sharing and Sale

We do not sell, rent, or trade your personal data to any third party.

We may disclose your information only in the following limited circumstances: (a) with service providers who process data on our behalf and are bound by confidentiality obligations (such as Supabase and Stripe); (b) if required by applicable law, court order, or government regulation; (c) to protect the rights, property, or safety of Banksheet, our users, or others.

7. Your Rights

You have the following rights with respect to your personal data:

  • Access: You may request a copy of the personal data we hold about you.
  • Deletion: Deleting your account from the dashboard removes all associated data. You may also contact us to request data deletion without deleting your account.
  • Portability: Your extracted transaction data is available for download in CSV format from your dashboard at any time.
  • Correction: If any account information we hold is inaccurate, please contact us and we will correct it promptly.

8. Security

We implement industry-standard technical measures to protect your information, including TLS/HTTPS encryption for all data in transit, access controls restricting database access to authorised personnel only, and the use of SOC 2-certified infrastructure providers. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Cookies

Banksheet uses essential cookies and local storage to maintain your authenticated session. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies that profile you across other websites.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and notify registered users via email. Continued use of the service after such notification constitutes your acceptance of the revised policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the data we hold about you, please contact us at support@banksheet.io. We aim to respond to all privacy-related inquiries within 5 business days.