Privacy Policy & Data Protection

This privacy policy was last updated on July 20, 2025

Bank Statement Conversion is a service provided by MTTenterprise Inc., a company registered and operating in Ottawa, Ontario, Canada. Our main office is located at 1525 Alta Vista DR, Suite 201, Ottawa, Ontario K1G 0G1.

This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our bank statement conversion service.

Bank Statement Conversion allows users to convert bank statements from PDF, scanned PDF, or image formats to CSV, Excel, Xero, QuickBooks, or Word formats for easier financial management and record-keeping.

Our service is designed to securely process financial documents while maintaining the highest standards of privacy and data protection.

As a Canadian business serving customers worldwide, we comply with applicable privacy laws in all jurisdictions where we serve users:

Canada

• • Personal Information Protection and Electronic Documents Act (PIPEDA)
• • Provincial privacy laws where applicable

European Union & United Kingdom

• • General Data Protection Regulation (GDPR)
• • UK General Data Protection Regulation (UK GDPR)
• • Enhanced data subject rights (see EU/UK Customer Rights section below)

United States

• • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• • Virginia Consumer Data Protection Act (VCDPA)
• • Colorado Privacy Act (CPA)
• • Connecticut Data Privacy Act (CTDPA)

Our practices are regularly reviewed to ensure ongoing compliance with evolving privacy regulations worldwide.

Information We Collect

Legal Basis for Processing: We process your information based on your consent, contract performance (for subscription services), and our legitimate business interests (for service improvement and security).

• • Device identification (browser fingerprint and device ID)
• • IP address and geographic location
• • Browser type and operating system
• • User agent information
• • Usage statistics and conversion history

Bank Statement Processing

• • PDF bank statements, scanned PDFs, and scanned images are processed on our secure servers
• • Files are converted to CSV, Excel, Xero, QuickBooks, or Word formats
• • All processing follows strict security protocols
• • Files are stored according to your subscription plan's retention period
• • Data may be used in anonymized form to improve our conversion algorithms

Usage Tracking

• • Daily and monthly usage monitoring
• • Conversion history for registered users
• • Anonymous analytics for service improvement

Technical Security

• • 256-bit SSL/TLS encryption for all data transmission
• • Secure file upload and download protocols
• • Encrypted storage systems with AES-256 encryption
• • Regular penetration testing and security audits
• • Multi-factor authentication for administrative access

Data Protection

• • Secure server infrastructure in SOC 2 compliant data centers
• • Strict access controls and authentication protocols
• • Regular security updates and vulnerability patching
• • Data is isolated and segmented by customer
• • 24/7 infrastructure monitoring and anomaly detection

Your Rights

• • Access to your personal data and conversion history
• • Request correction of inaccurate information
• • Request complete deletion of your account and associated data
• • Download your data in a portable format
• • Opt-out of service improvements using your data
• • Business users can request audit logs of data access

Data Retention

Files are retained according to your subscription plan as outlined below. You may request earlier deletion at any time.

After the retention period, files are automatically and permanently deleted from our systems. We may retain anonymized, non-identifiable data derived from processing for service improvement purposes. Business and Enterprise customers can establish custom retention policies or opt out of extended retention.

Our service uses cookies and similar technologies to enhance your experience and improve our services:

• • Essential cookies to maintain your session state and security
• • Preference cookies to remember your settings and choices
• • Analytics cookies to understand how our service is used
• • Performance cookies to optimize service delivery

You can manage cookie preferences through your browser settings. Disabling certain cookies may limit functionality of our service.

Payment Processing

• • Stripe payment processing for secure transactions
• • Payment information is not stored on our servers
• • Credit card details are handled directly by Stripe
• • We receive only transaction confirmations, not payment details

Analytics & Monitoring

• • Anonymous usage analytics to improve service
• • Performance monitoring for system reliability
• • Error tracking and reporting for issue resolution

Refund Request Data Sharing

By using our app and making in-app purchases, you consent to our sharing of data regarding your usage and consumption of purchased content with Apple, Google, and Stripe, as part of our efforts to resolve refund requests. This information may include details about how you have accessed and interacted with the purchased content. The purpose of sharing this data is to help Apple, Google, and Stripe make informed decisions regarding refund requests. We ensure that such data sharing is done in compliance with Apple's policies, Google Play's policies, and Stripe's requirements and only as necessary to process your requests.

• • Apple (via RevenueCat): For iOS in-app purchases and subscriptions, usage and interaction data may be shared to support refund decision-making
• • Google Play Store: For Android in-app purchases and subscriptions, usage and interaction data may be shared to support refund decision-making
• • Stripe: For direct payment processing and web subscriptions, transaction and usage details may be shared for dispute resolution
• • Data Types: Service usage patterns, conversion history, account activity, and technical interaction details
• • Legal Basis: Your consent and our legitimate business interests in processing refund requests and preventing fraud

Data Processing Agreements

For Business and Enterprise customers, we offer Data Processing Agreements (DPAs) to formally establish roles and responsibilities regarding data protection. Contact our Data Protection Officer to request a DPA.

In the unlikely event of a data breach affecting your personal information, we will:

• • Notify you within 72 hours of discovery
• • Provide details about the nature of the breach
• • Outline steps we've taken to mitigate the impact
• • Recommend actions you can take to protect yourself
• • Report to relevant regulatory authorities as required by law

We maintain a comprehensive incident response plan that is regularly tested and updated to ensure prompt and effective action in case of any security incidents.

If you are located in the European Union or United Kingdom, you have additional rights under GDPR/UK GDPR:

Enhanced Data Subject Rights

• • Right of Access: Request copies of your personal data
• • Right to Rectification: Request correction of inaccurate data
• • Right to Erasure: Request deletion of your personal data
• • Right to Data Portability: Receive your data in a structured format
• • Right to Object: Object to processing based on legitimate interests
• • Right to Restrict Processing: Limit how we use your data

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.

Contact for EU/UK Rights

To exercise your GDPR rights, contact us at: [email protected] with "GDPR Request" in the subject line.

If you are a resident of California, Virginia, Colorado, or Connecticut, you have specific rights under state privacy laws:

Your Rights

• • Right to Know: What personal information we collect and how it's used
• • Right to Delete: Request deletion of your personal information
• • Right to Opt-Out: Opt-out of sale of personal information (we don't sell data)
• • Right to Non-Discrimination: Equal service regardless of exercising rights
• • Right to Correct: Request correction of inaccurate information

Data Sale Disclosure

We do not sell, rent, or share personal information with third parties for monetary consideration.

Contact for US Rights

To exercise your state privacy rights, contact us at: [email protected] with "Privacy Rights Request" in the subject line.

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately, and we will take steps to remove that information from our servers.

We may update this Privacy Policy periodically to reflect changes in our practices, service offerings, or regulatory requirements. We will notify registered users of significant changes by email and post notices on our website at least 30 days before the changes take effect.

Continued use of our service after policy updates constitutes acceptance of the revised terms. We encourage you to review our Privacy Policy regularly.

Our services are hosted on servers located in Canada. If you are accessing our services from outside Canada, please be aware that your information may be transferred to, stored, and processed in Canada where our servers are located.

We implement appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy, regardless of where it is processed or stored. These safeguards include:

• • Contractual data protection clauses with service providers
• • Encryption of data in transit and at rest
• • Regular security assessments and compliance audits
• • Adequacy decisions where applicable under privacy laws