pdftoexcel

Privacy Policy

Last updated: June 2026

Data controller

The data controller for pdftoexcel is Matrizexplícita Lda, a company registered in Portugal. All data-protection correspondence should be addressed to the contact below.

What we collect

Files you upload (PDF bank statements), the transactions we extract from them, your account email, and basic usage metadata (page counts, parse timings). We do not collect your account numbers, card numbers, or routing numbers beyond what is printed on the statement you upload.

How we use it

Only to operate the converter — parse your PDF, compute the reconciliation, and deliver the exported file. We do not use your statements to train machine-learning models. We do not sell your data.

Manual review for failed conversions

When our automated pipeline can't reconcile a statement on its own (rare: rate- limited model, unusual layout, languages we haven't seen), we route the upload to a manual-review queue so an authorized engineer of Matrizexplícita Lda can reconcile it by hand and email you the corrected file. In that specific case:

  • Your original PDF is held in a private, encrypted storage bucket so the reviewer can open it. Access is restricted to admin-allowlisted Matrizexplícita staff.
  • You always receive an email when your upload enters the queue ("We've got your statement") and another one when it's delivered or declined. You can track status from your dashboard.
  • The PDF and any admin-produced result file are deleted 30 days after delivery or decline. You can request immediate deletion at any time.
  • We will never open a manual-review PDF for any purpose other than fulfilling your conversion request. We do not use it for training, demos, or analytics.
  • The legal basis for this processing is performance of the contract you entered into when you uploaded the file asking us to convert it (GDPR Art. 6(1)(b)).

Retention

By default, uploaded PDFs are deleted immediately after a successful automatic conversion; the extracted transactions (rows only, no raw PDF) are kept for 24 hours so you can re-download the exported file. Paid plans allow you to pin the extracted transactions longer (30–90 days depending on tier). Manual-review items follow the 30-day schedule described in the section above. You can delete any document manually at any time from your dashboard or by emailing the contact below.

Sub-processors

We use Vercel (hosting), Supabase (database + storage), Fly.io (worker), Stripe (payments), Resend (email), PostHog (product analytics, EU region), Google Analytics 4 (aggregate traffic measurement), and Google Gemini / Anthropic (model inference for the fallback path). When a PDF falls back to the AI extractor, its text is sent to the model provider. Providers do not retain data for training under the enterprise API terms we use.

Cookies & analytics

We use a single first-party cookie (cookie_consent) to remember your analytics choice. If you accept, we load two analytics providers behind that gate: PostHog (EU region) for product analytics — page views, uploads, downloads, clicks on pricing CTAs — and Google Analytics 4 for aggregate traffic measurement, which sets _ga and _ga_* cookies. We do not enable session replay, DOM autocapture, or Google Ads remarketing, so no transaction data, form input, or PDF content is ever sent to either provider; IP anonymisation is on for GA. If you reject (or your browser sends Do-Not-Track), no analytics cookies are set and no events are captured. You can change your choice at any time by clearing the cookie_consent cookie for this site — revoking consent also clears the GA cookies on the next page load.

Encryption & access

All traffic is served over HTTPS. Files at rest live in a private object-storage bucket with signed-URL access (default 5-minute TTL). Only your own account can list or download your documents.

Contact

Privacy questions or deletion requests — email hello@bankpdftoxls.com. Postal correspondence: Matrizexplícita Lda, Portugal.