Privacy Policy
Last updated: 7 July 2026
The headline: your bank statements never leave your computer. PDF2CSV parses PDFs with code running in your browser. Your files, the transactions in them, the CSVs you export — even your filenames — are never uploaded to us or anyone else. This isn't a policy choice that could quietly change; it's how the product is built.
What never leaves your browser
- Your statement PDFs, and any passwords used to open them
- Every transaction: dates, descriptions, amounts, balances
- The CSV files you export
- File names and file contents of any kind
None of this is transmitted, logged, or stored by us — the parser has no upload path. If a statement fails to parse, we receive only a generic error code (like a stage name), never the text that caused it.
What we do collect — the complete list
We collect the minimum needed to run accounts, subscriptions, and to know whether parsing succeeds in the wild. This is the complete list; if it's not in these tables, we don't collect it.
Your account
| Data | Why |
|---|---|
| Email address and sign-in identity (via Google, Microsoft, or email sign-in) | To sign you in and answer support email |
| Trial start/end date | To run the 7-day free trial |
| Subscription status and billing period end, plus Paddle customer & subscription IDs | To know whether your subscription is active. We never see your card number — payment details go directly to Paddle |
| Account created/updated timestamps | Record keeping |
Usage events
When you parse a statement or export a CSV, the app sends a small anonymous-in-content event so I can see whether the parser is working well. Each event contains exactly these fields:
| Field | Example |
|---|---|
| Event type | "statement parsed" or "CSV exported" |
| Success or failure | success |
| Error code (failures only — a machine code, never message text) | NO_TABLE_FOUND |
| Which parsing stage failed (failures only) | "columns" |
| Number of pages | 12 |
| Number of transactions | 340 |
| Processing time | 0.9 seconds |
| App version | 1.0.0 |
| Timestamp | 7 July 2026, 10:12 |
Note what's absent: no bank name, no file name, no amounts, no descriptions, no error message text. Counts and codes only.
Cookies and tracking
The app uses the cookies required to keep you signed in (set by Clerk, our authentication provider). There are no advertising trackers and no third-party analytics scripts on the site or in the app.
Who processes data for us
- Clerk (clerk.com) — sign-in and account identity
- Paddle (paddle.com) — checkout, payments, invoicing, as merchant of record; your payment details go to Paddle directly and never touch our systems
- Cloudflare — hosts this site, the app, and our small database
We don't sell or share your data with anyone else, full stop.
How long we keep it
Account and usage data are kept while your account exists, so trials, subscriptions and support work. Delete your account and we delete the lot (below).
Deleting your account and data
Email support@
Where data lives
Our database runs on Cloudflare's network; Clerk and Paddle are global services with their own compliance programs (see their privacy policies). We're an Australian business and handle personal information consistent with the Australian Privacy Principles.
Changes
If this policy changes materially, we'll update the date above and flag it in the app. The core promise — statements never leave your browser — is the product; it won't change.
Contact
Privacy questions: support@