Privacy Policy

Effective Date: January 28, 2025

Last Updated: January 28, 2025

Statement Desk ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using Statement Desk, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not use our service.

Information We Collect

Personal Information

  • Google Account Data: When you sign in with Google OAuth, we collect your name, email address, and profile picture
  • Contact Information: Email address for account management, support, and service-related communications
  • Usage Data: Information about how you interact with our service, including features used, processing history, and error logs
  • Device Information: Browser type, IP address, device type, and operating system for security and service optimization

Financial Data

  • Bank Statements: PDF files containing transaction history that you explicitly upload or select from Google Drive
  • Transaction Data: Transaction dates, amounts, descriptions, merchant names, and categories extracted from your statements
  • Account Information: Bank names and partial account numbers (last 4 digits only) for identification purposes
  • Financial Insights: Generated budgets, forecasts, spending patterns, and AI-powered analytics based on your transaction data

Google Workspace Data

  • Google Drive Access: Read-only access to PDF files you explicitly select for processing
  • Google Sheets Access: Read and write permissions to create and update spreadsheets for data export
  • Authentication Tokens: Encrypted OAuth tokens for maintaining secure access to Google services

How We Use Your Information

Primary Uses

  1. Process Bank Statements: Extract and analyze transaction data from PDF files using AI and traditional parsing methods
  2. Provide AI Services: Use Claude AI to categorize transactions, detect anomalies, and generate financial insights
  3. Export Data: Create and populate Google Sheets or other formats with your processed transaction data
  4. Generate Analytics: Create cash flow forecasts, budget recommendations, and spending trend analyses
  5. Enable Chat Features: Provide conversational AI assistance for financial queries about your data
  6. Account Management: Manage your subscription, authentication, and service preferences

Secondary Uses

  • Service Improvement: Analyze usage patterns to improve features and user experience
  • Security Monitoring: Detect and prevent fraudulent activity or unauthorized access
  • Customer Support: Respond to inquiries and provide technical assistance
  • Legal Compliance: Meet regulatory requirements and respond to legal requests

Google API Services User Data Policy

Statement Desk's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specific Google Permissions Used:

  • Google Drive (read-only): Access PDF files you explicitly select for processing
  • Google Sheets (read/write): Create and update spreadsheets for data export
  • Google Auth: Authenticate and maintain your secure session

Limited Use Disclosure:

We limit our use of Google user data to providing the core functionality of Statement Desk. We do not:

  • Transfer your Google data to third parties except as necessary to provide our service (e.g., Claude AI for processing)
  • Use your Google data for advertising purposes
  • Allow humans to read your data unless you explicitly request support
  • Access files beyond those you explicitly select

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

Service Providers

  • Anthropic (Claude AI): For AI-powered transaction processing and insights generation
  • Supabase: For secure database storage and authentication
  • Stripe: For payment processing (they receive only payment information, not financial statement data)
  • Google Cloud Platform: For infrastructure and OAuth services

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect and defend our rights or property
  • Prevent fraud or illegal activity
  • Protect the safety of users or the public

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access Controls: Role-based access control and multi-factor authentication
  • Regular Audits: Security assessments and vulnerability testing
  • Secure Infrastructure: SOC 2 compliant cloud infrastructure
  • Employee Training: Regular security awareness training for all team members
  • Incident Response: 24-hour breach notification policy

Data Retention

  • Active Accounts: We retain your data as long as your account is active
  • Financial Records: Transaction data is retained for 7 years to comply with financial regulations
  • Deleted Accounts: Personal data is deleted within 90 days of account closure, except where retention is required by law
  • Aggregated Data: We may retain anonymized, aggregated data indefinitely for analytics

Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Data Portability: Export your transaction data in standard formats
  • Opt-out: Unsubscribe from marketing communications
  • Revoke Consent: Disconnect Google account access at any time

To exercise these rights, contact us at privacy@statementdesk.com

International Data Transfers

Your information may be transferred to and processed in the United States where our servers are located. We ensure appropriate safeguards are in place for international transfers in compliance with applicable laws.

Children's Privacy

Statement Desk is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know about personal information collected, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell personal information.

Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice via email or in-app notification.

Contact Information

For privacy questions, concerns, or to exercise your rights:

  • Email: privacy@statementdesk.com
  • Support: support@statementdesk.com
  • Website: https://statementdesk.com