BankConv

Privacy Policy

Effective date: 27 April 2026

This Privacy Policy explains what data BankConv ("BankConv", "we", "us") collects, why we collect it, who we share it with, and how long we keep it. It applies to the website at https://bankconv.com, the REST API at https://bankconv.com/api/v1, and the "BankConv for Google Sheets" add-on.

BankConv is operated by Catnap LLC (doing business as BankConv), located at 30 North Gould Street Sheridan, WY 82801. This entity is responsible for the personal data and financial documents described in this Privacy Policy.

What we collect

Account data. When you create an account we collect your name, email address, hashed password, and (for paid plans) the billing details required by our payment processor.

Documents you upload. When you convert a bank statement, we receive the PDF you upload, any password you supply to unlock it, and the structured data extracted from it (transaction rows, dates, amounts, balances, account metadata).

Usage data. We log API requests, conversion events, IP addresses, browser user agent, and error traces. This is used for security, abuse prevention, and product improvement.

Cookies. We use first-party cookies for authentication and session management. We do not use advertising cookies.

Google user data (Google Sheets add-on)

When you authorize the BankConv for Google Sheets add-on, the add-on requests the following OAuth scopes:

  • script.container.ui — to render the BankConv sidebar inside Google Sheets
  • script.external_request — to call the BankConv API at https://bankconv.com/api/
  • script.storage — to store your BankConv access token in Apps Script user properties
  • spreadsheets.currentonly (@OnlyCurrentDoc) — to write converted transactions to the spreadsheet you have open

What this means in practice:

  • The add-on only reads or writes the spreadsheet that is currently open. It cannot see other Drive files.
  • The PDF you choose in the sidebar is uploaded to BankConv for conversion. The resulting CSV is written back into a new tab in the same spreadsheet.
  • Your BankConv access token is stored in Apps Script user properties, scoped to your Google account, until you disconnect.
  • We do not read, copy, or index any other content from your Google account.

Limited Use. BankConv's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to train generalized AI models, we do not sell it, we do not share it with third parties for advertising, and human access is restricted to debugging or security investigations with your explicit consent or where required by law.

You can revoke the add-on's access at any time from the sidebar's "Disconnect" action or at myaccount.google.com/permissions.

How we use your data

We use the data we collect to:

  • Provide the conversion service and deliver results back to you
  • Authenticate you, secure your account, and enforce rate limits
  • Bill you for paid plans and prevent fraud
  • Communicate transactional notices (receipts, security alerts, service updates)
  • Improve accuracy and reliability through aggregated, de-identified analytics
  • Comply with legal obligations

We do not sell your data, and we do not use the contents of your bank statements or Google user data to train generalized machine learning models.

Who we share data with

We share data only with the service providers required to operate BankConv:

  • Stripe — payment processing and subscription billing
  • Cloud hosting and storage providers — running the Service infrastructure and storing uploaded files
  • Email delivery providers — sending transactional email
  • Error monitoring providers — capturing application errors so we can fix bugs

Each provider is contractually bound to use your data only to provide their service to us. We may also disclose data when required by law, court order, or to protect the rights, safety, and property of BankConv or its users.

Data retention

  • Uploaded PDFs and extracted data — automatically deleted after the retention window configured for your team (24, 48, or 72 hours). After expiration, download requests return 410 Gone.
  • Account data — kept while your account is active, then deleted or anonymized within 90 days of account closure, except where longer retention is required by tax or legal obligations.
  • Logs and usage data — retained for up to 12 months for security and abuse prevention.
  • Google OAuth access tokens — stored in Apps Script user properties on your Google account until you disconnect the add-on; revoked from our servers when you disconnect.

Your rights

Depending on your jurisdiction, you have the right to access, correct, export, delete, or restrict processing of your personal data, and to object to processing or withdraw consent. To exercise these rights, email [email protected]. We respond within 15 working days.

You can also delete your account directly from your dashboard at any time.

Security

Data is encrypted in transit (TLS 1.2+) and at rest. Files are processed in isolated environments. Access to production systems is restricted, logged, and protected by two-factor authentication. We will notify affected users without undue delay if we discover a personal data breach.

International transfers

Your data may be processed in countries other than your own. Where required, we rely on Standard Contractual Clauses or equivalent safeguards to protect international transfers.

Children

The Service is not directed to children under 16, and we do not knowingly collect data from them.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced by email or in-product notice at least seven days before they take effect.

Contact

Privacy questions, data requests, or complaints can be sent to:

  • Legal entity: Catnap LLC
  • Email: [email protected]
  • Address: 30 North Gould Street Sheridan, WY 82801