Privacy Policy

1.1 Information You Provide

We collect information that you voluntarily provide when using our service:

• Account Information: Name, email address, password, and billing information
• Bank Statements: PDF files you upload for conversion
• Transaction Data: Extracted data from your bank statements (dates, descriptions, amounts)
• Communication Data: Messages you send to our support team

1.2 Automatically Collected Information

When you access our service, we automatically collect certain information:

• Usage Data: Pages viewed, features used, time spent on the platform
• Device Information: Browser type, operating system, IP address
• Log Data: Access times, error logs, and performance metrics
• Cookies: Session identifiers and preference settings

1.3 Information from Third Parties

We may receive information from payment processors (Stripe) to process your subscription, and analytics providers (Google Analytics) to improve our service.

We use the collected information for the following purposes:

• Service Delivery: Process your bank statements and provide accurate conversions
• Account Management: Create and maintain your account, process payments
• Communication: Send service updates, respond to inquiries, provide customer support
• Security: Detect and prevent fraud, unauthorized access, and security threats
• Improvement: Analyze usage patterns to enhance our service quality
• Compliance: Meet legal obligations and enforce our Terms of Service

We implement industry-standard security measures to protect your data:

3.1 Encryption

• In Transit: All data transmission uses TLS 1.3 encryption (HTTPS)
• At Rest: Files stored on our servers use AES-256 encryption
• Database: Sensitive data is encrypted at the database level

3.2 Access Controls

• Multi-factor authentication for administrative access
• Role-based access control limiting employee access to data
• Regular access audits and permission reviews

3.3 Infrastructure Security

• Hosted on SOC 2 Type II certified infrastructure (Supabase/AWS)
• Regular security patches and updates
• Continuous monitoring and intrusion detection
• Regular third-party security audits and penetration testing

3.4 Data Retention

Uploaded Files: Automatically deleted after 30 days
Conversion History: Retained for 12 months or until account deletion
Account Data: Retained while your account is active, deleted within 90 days of account closure

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Correct any inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to certain types of data processing
• Right to Withdraw Consent: Withdraw consent at any time where we rely on consent
• Right to Lodge a Complaint: File a complaint with your local supervisory authority

We do not sell your personal data. We may share your information only in the following limited circumstances:

5.1 Service Providers

We work with trusted third-party service providers who assist us in operating our service:

• Supabase: Database and authentication (SOC 2 Type II certified)
• Stripe: Payment processing (PCI DSS compliant)
• AWS: Cloud infrastructure and storage
• Vercel: Application hosting and deployment

All service providers are bound by data processing agreements and can only use your data to provide services on our behalf.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of BS Convert, our users, or others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

We use cookies and similar technologies to enhance your experience:

Types of Cookies We Use

You can control cookies through your browser settings. Note that disabling essential cookies may affect site functionality.

BS Convert is based in France and processes data within the European Union. If you access our service from outside the EU, your data may be transferred to and processed in the EU. We ensure that all international transfers comply with GDPR requirements through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for certain countries
• Appropriate safeguards to protect your data

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete such information promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically. Your continued use of our service after changes are posted constitutes acceptance of the updated policy.