HomeAbout UsGet in Touch

Stmt Privacy Policy

Last updated: July 28, 2025

At Stmt, we understand the sensitive nature of financial documents and are committed to protecting your privacy with the highest security standards. This Privacy Policy explains what information we collect, how we process your documents, and your rights regarding your data. By using Stmt, you agree to the practices described in this policy.

1. Information We Collect

Device Identification

  • Unique Device Identifier: We collect a unique device identifier to provide our services, manage subscriptions, and track entitlements. This identifier is automatically generated by your device and cannot be used to personally identify you.
  • Device Information: We collect technical information about your device including device type, model, manufacturer, brand, operating system platform and version.

Document Processing Data

  • File Upload Information: We temporarily receive PDF bank statements that you choose to upload for conversion to CSV or Excel format.
  • Conversion Preferences: We store your selected output format preferences (CSV or Excel) and formatting options during your session.
  • Processing Analytics: We collect anonymized data about conversion success rates and processing times to improve our services.

Analytics and Usage Data

  • App Usage Analytics: We collect information about how you use Stmt, including app launch count and features accessed.
  • Device Performance Data: We collect total memory and used memory information to optimize app performance and file processing capabilities.
  • Regional Information: We collect your device's locale settings to provide localized content and features.
  • Technical Data: We collect operating system information to ensure compatibility and optimize processing performance.

Information We Do NOT Collect or Store

  • We do not collect or store personal information such as names, email addresses, or phone numbers.
  • We do not permanently store your bank statements or any financial documents after processing.
  • We do not read, analyze, or store the actual financial content of your bank statements beyond the conversion process.
  • We do not collect location data beyond general locale settings.
  • We do not access your contacts or other personal files.
  • We do not retain any information that can personally identify you.
  • We do not store account numbers, transaction details, or any financial information contained in your documents.

2. How We Use Your Information

  • To provide secure PDF to CSV/Excel conversion services for bank statements and financial documents
  • To process uploaded PDF files through our advanced in-house document processing models on secure backend servers
  • To enhance conversion accuracy using our proprietary AI engine and external AI services from OpenAI and Anthropic when needed
  • To temporarily store converted files until you download them or until automatic deletion occurs
  • To process and manage in-app purchases and subscriptions through RevenueCat and app store services
  • To track and verify subscription entitlements across platforms
  • To optimize app performance and file processing capabilities based on device specifications
  • To provide localized content and features
  • To analyze usage patterns and improve conversion accuracy
  • To ensure app security and protect against unauthorized access to financial documents
  • To comply with app store requirements and legal obligations regarding financial data processing

3. How We Share Your Information

We do not sell, rent, or trade any collected information or processed documents to third parties. Given the sensitive nature of financial documents, we strictly limit data sharing to only what is absolutely necessary for processing:

  • App Store Services: We share necessary subscription and entitlement data with Apple App Store and Google Play Store to process purchases and verify subscriptions.
  • Subscription Management: We use RevenueCat to manage in-app purchases and subscriptions across platforms, sharing necessary subscription and device identifier data to provide seamless subscription services.
  • Document Processing Services: As part of our conversion process, we may share only the document content (not device or personal data) with external AI services including OpenAI and Anthropic to enhance our document processing capabilities.
  • Temporary Processing: External AI services process documents temporarily as part of our conversion pipeline and do not retain any data after processing is complete.
  • Legal Requirements: We may disclose aggregated, non-personal information if required by law, regulation, or legal process, but never actual document content unless legally compelled.
  • Security Partners: We work with certified security infrastructure providers to ensure secure document processing, but they never have access to document content.

4. Document Processing and Conversion System

Our Secure Processing Infrastructure

  • Advanced Processing Engine: We use our own proprietary, highly secure document processing AI models hosted on private, encrypted servers specifically designed for sensitive financial document handling.
  • Multi-Format Support: Users can upload PDF bank statements and receive accurate CSV or Excel conversions with preserved data structure.
  • Real-Time Processing: Documents are processed in real-time through our sophisticated backend AI system with enterprise-grade security measures.
  • Encrypted Transmission: All file uploads and downloads are encrypted using industry-standard SSL/TLS protocols.

External AI Services for Enhanced Accuracy

  • Enhanced Processing: To provide the highest conversion accuracy, we sometimes use external AI models from OpenAI and Anthropic as part of our document processing pipeline.
  • Limited Data Sharing: When using external AI services, we share only the document content necessary for processing - no device information, user data, or other personal information.
  • Temporary Processing: External AI services process documents temporarily as part of our conversion pipeline and do not retain any data after processing.
  • Privacy Protection: Our use of external services is designed to maintain maximum privacy while providing accurate conversion results.
  • Secure Integration: All external service integrations use encrypted connections and follow strict data handling protocols.

File Handling and Security

  • Secure Upload: PDF files are uploaded through encrypted connections to our secure processing servers.
  • Temporary Storage: Uploaded files and converted outputs are stored temporarily in encrypted form on secure servers.
  • Automatic Deletion: All files (original PDFs and converted outputs) are automatically deleted within 2 weeks maximum, or immediately after you download them.
  • No Content Analysis: We do not read, analyze, or extract personal financial information from your documents beyond what is necessary for format conversion.
  • Zero-Knowledge Processing: Our system is designed to convert file formats without retaining knowledge of the financial content.

5. Data Security for Financial Documents

  • We implement bank-level security measures specifically designed for processing sensitive financial documents.
  • All document processing occurs on isolated, encrypted servers with advanced security protocols and monitoring.
  • Our infrastructure meets or exceeds industry standards for financial data processing and storage.
  • All data transmission uses end-to-end encryption with secure protocols (SSL/TLS) and perfect forward secrecy.
  • Our servers are hosted in secure data centers with 24/7 physical security, biometric access controls, and environmental monitoring.
  • We conduct regular security audits, penetration testing, and vulnerability assessments of our document processing systems.
  • Access to processing systems is restricted to authorized personnel only and follows strict least-privilege principles.
  • We maintain comprehensive audit logs of all document processing activities for security monitoring.
  • Our external AI service integrations use secure, encrypted connections with immediate data disposal after processing.

6. File Retention and Deletion Policy

  • Uploaded PDF files are stored temporarily only during the conversion process and until you download the converted file.
  • Converted CSV/Excel files are available for download immediately after processing and remain available until downloaded or for a maximum of 2 weeks.
  • All files (both original PDFs and converted outputs) are automatically and permanently deleted from our servers within 2 weeks of upload, regardless of whether they were downloaded.
  • Once downloaded, converted files are immediately deleted from our servers unless you initiate another conversion.
  • We do not create backups or copies of any uploaded or converted financial documents.
  • Device identifiers and subscription data are retained only as long as necessary to provide our services.
  • RevenueCat processes and retains subscription data according to their data retention policies to manage cross-platform subscriptions.
  • Analytics data is anonymized and retained for up to 12 months to improve conversion accuracy and app performance.
  • When you uninstall Stmt, all data associated with your device is automatically deleted.
  • External AI services (OpenAI, Anthropic) process documents temporarily during conversion and do not retain any data.
  • Legal or regulatory requirements may require us to retain certain metadata (but never document content) for specified periods.

7. Your Privacy Rights

General Rights

  • Right to Information: You can request information about what data we collect (as outlined in this policy).
  • Right to Deletion: You can request immediate deletion of any files currently being processed by contacting us.
  • Right to Access: You can request information about the processing status of your documents.
  • Right to Withdraw Consent: You can stop using our services at any time, which will result in immediate deletion of any processing files.

GDPR Rights (EU Users)

  • Right to access personal data (note: we process documents temporarily but do not collect personally identifiable user information)
  • Right to rectification of inaccurate data
  • Right to erasure ('right to be forgotten') - we can immediately delete any files currently being processed
  • Right to restrict processing - you can request we halt processing of your documents
  • Right to object to processing
  • Right to data portability for your converted files

CCPA Rights (California Users)

  • Right to know what information is collected and processed
  • Right to delete collected information and processed documents
  • Right to opt-out of the sale of information (note: we do not sell any information or documents)
  • Right to non-discrimination for exercising your privacy rights

Financial Data Protection Rights

  • Right to immediate file deletion upon request
  • Right to know exactly how long your documents are retained
  • Right to receive confirmation when your documents have been permanently deleted
  • Right to understand what external services may process your documents

8. Children's Privacy

  • Stmt is not intended for use by children under 13 years of age, as it processes sensitive financial documents.
  • We do not knowingly collect personal information from children under 13.
  • If we become aware that a child under 13 has provided us with documents, we will immediately delete all associated data.
  • Parents who discover their child has used Stmt should contact us immediately for data deletion.
  • We comply with the Children's Online Privacy Protection Act (COPPA) and similar international laws.
  • All data collection is limited to anonymous technical and usage information, never personal financial data.

9. International Data Transfers and Compliance

  • Stmt is operated by PureSoft Labs OÜ, based in Tallinn, Estonia, European Union.
  • We process and store data in secure facilities that comply with international data protection standards including GDPR, CCPA, and financial data protection regulations.
  • All international data transfers comply with applicable data protection laws and include appropriate safeguards.
  • We ensure that any cross-border processing of financial documents meets the highest security standards.
  • Since we do not permanently store financial documents or collect personally identifiable user information, privacy risks are minimized.
  • Our external AI service providers (OpenAI and Anthropic) also comply with international data protection standards.
  • You can contact us for specific information about where your documents are processed.

10. App Store Compliance

Apple App Store

  • We comply with Apple's App Store Review Guidelines and privacy requirements for financial applications.
  • Subscription management is handled through Apple's App Store infrastructure.
  • We follow Apple's strict guidelines for apps that process sensitive financial data.

Google Play Store

  • We comply with Google Play's Developer Policy and privacy requirements for financial applications.
  • Subscription management utilizes Google Play Billing services.
  • We adhere to Google Play's enhanced data safety and privacy standards for financial apps.

11. Third-Party Services

  • Apple App Store: In-app purchases and subscriptions governed by Apple's Privacy Policy
  • Google Play Store: In-app purchases and subscriptions governed by Google's Privacy Policy
  • RevenueCat: Subscription management and analytics services governed by RevenueCat's Privacy Policy
  • OpenAI: AI processing services for enhanced document conversion accuracy, governed by OpenAI's Privacy Policy
  • Anthropic: AI processing services for enhanced document conversion accuracy, governed by Anthropic's Privacy Policy
  • Cloud Infrastructure Providers: Secure hosting services for document processing, governed by enterprise-grade security agreements

When using external AI services, we share only document content necessary for conversion and no personal or device information. External services process documents temporarily and do not retain any data. For subscription services, we share necessary subscription and device identifier data to provide seamless subscription services across platforms. We encourage you to review the privacy policies of these third-party services.

12. Data Breach Response

  • In the unlikely event of a security incident affecting document processing, we will immediately halt all processing and investigate.
  • We maintain an incident response plan specifically designed for financial document processing breaches.
  • We will notify affected users within 72 hours if a breach may have compromised their documents.
  • We will provide clear information about what data may have been affected and what steps we are taking.
  • We will cooperate fully with relevant authorities and provide updates throughout the incident response process.
  • Our temporary file storage and automatic deletion policies minimize the potential impact of any security incidents.

13. Changes to This Policy

  • We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or security enhancements.
  • We will notify you of any significant changes through the Stmt app or app store update notes.
  • Changes that affect how we handle financial documents will be prominently highlighted.
  • The updated policy will be effective immediately upon posting.
  • Your continued use of Stmt after changes constitutes acceptance of the updated policy.
  • We recommend reviewing this policy periodically to stay informed about our privacy practices.

14. Contact Information

Stmt is owned and operated by PureSoft Labs OÜ. If you have questions about this Privacy Policy, want to exercise your privacy rights, or need immediate file deletion, please contact us:

  • Email: [email protected]
  • Address: PureSoft Labs OÜ, Sepapaja tn 6, 15551 Tallinn, Harju Maakond, Estonia

For immediate file deletion requests, we will respond within 2 hours during business hours. For GDPR-related inquiries, we will respond within 30 days. For other privacy requests, we aim to respond within 7 business days.