Privacy Policy — BankScan AI

Effective: 8 April 2026
Last updated: 8 April 2026

1. Who we are

BankScan AI ("we", "us") provides an AI-powered tool that converts bank statements and receipts into spreadsheet formats. This policy explains what personal data we collect, how we use it, and who we share it with.

2. What we collect

Account data: email address and a hashed password when you sign up.
Billing data: Stripe customer ID and subscription status (Stripe stores payment details — we never see card numbers).
File content you upload: bank statements (PDF/CSV) and receipts (PDF/image) you choose to convert.
Usage metadata: parse counts, AI token usage, timestamps, and error logs used for billing, quota enforcement, and debugging.

3. How we use it

To run the parsing service you asked us to run on your file.
To enforce usage quotas, tier limits, and spend caps.
To bill for subscriptions and pre-purchased AI credit packs.
To detect and prevent abuse (rate limits, daily ceilings).
To send transactional emails (signup verification, account alerts). We do not send marketing email.

4. AI processing & sub-processors

BankScan AI uses third-party AI providers to read the content of your uploaded files. Every bank statement and receipt you upload is transmitted to our AI sub-processor to be parsed. We do not run our own computer-vision or OCR models — parsing is performed entirely by the sub-processor listed below.

Sub-processor	Purpose	Data shared	Location
Anthropic PBC (Claude API)	AI parsing of statements & receipts	Full content of uploaded files	United States
Stripe, Inc.	Payment processing & subscription billing	Email, billing details (card data held by Stripe)	United States / Ireland
Turso / SQLite	Account database	Email, hashed password, usage metadata	Configurable region
Vercel / Railway	Application hosting	HTTP traffic, ephemeral temp files during a parse	US / EU region of your deployment

Anthropic's API terms state that API inputs are not used to train their models by default. See Anthropic's Commercial Terms and Privacy Policy for their full data handling commitments.

5. File retention

Uploaded bank statements and receipts are held only for the duration of the parse request. Once your parsed output has been generated and delivered to you, the source file is deleted from our temp storage. Parsed outputs (Excel/CSV) are tracked so we can clean them up on a schedule (typically within 1 hour).

We do not retain a permanent copy of your bank statements or receipts.

6. Account deletion

You can delete your account at any time by contacting support. Deletion removes your user record, email, password hash, and all usage metadata. Stripe billing records are retained by Stripe in accordance with their own retention policies.

7. Your rights (UK/EU GDPR)

If you are in the UK or EU, you have the right to access, correct, delete, or export your personal data, and the right to object to processing. To exercise these rights, contact us at the email listed on our support page.

8. Children

BankScan AI is not intended for users under 16. We do not knowingly collect data from children.

9. Changes to this policy

We will update this page whenever we change sub-processors or materially change how we handle your data. The effective date above will be updated accordingly.

10. Contact

Questions about this policy or your data: please use the contact form on our support page.