Tidy Statement

Legal

Datenschutzerklärung

Zuletzt aktualisiert: April 21, 2026

1. Introduction

Tidy Statement ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we handle your data when you use our bank statement conversion service (the "Service").

2. Data We Process

When you upload a bank statement image, we process the contents of that image solely to extract transaction data and return it to you as structured output. We do not retain your uploaded files, the extracted data, or any copies of them after your session ends.

3. Sub-Processors

To perform optical character recognition on your statement, we send the file to one of our AI sub-processors via the Vercel AI Gateway. Our current model chain uses Anthropic (Claude) as the primary provider, with Google (Gemini) as failover. The providers process the file only to generate the extraction response and do not use it to train models.

Each provider applies its own retention policy to API traffic. For ongoing trust-and-safety review, that may include retaining inputs and outputs for a short period (typically up to 30 days) before deletion. We do not have access to that data, and we do not request or download it. We are evaluating Zero Data Retention (ZDR) configurations to remove this retention window entirely.

4. Cookies

We store your selected language preference in a cookie so that the interface appears in the correct language on your next visit. This cookie never leaves your device for processing purposes; it's only read on incoming requests to redirect to your locale.

5. Waitlist Emails

If you voluntarily join our waitlist, we store the email address you provide for the sole purpose of notifying you when paid plans launch. You can request deletion at any time by contacting us.

6. Your Rights (GDPR)

If you are in the European Economic Area or United Kingdom, you have the right to access, rectify, or erase any personal data we hold about you, to restrict or object to its processing, and to data portability. Since extracted transaction data is not retained, most of these rights apply only to waitlist email addresses.

7. Security

Uploads travel over encrypted HTTPS connections. Files are processed in-memory on our serverless infrastructure and are not written to disk or persistent storage.

8. Contact

If you have any questions about this Privacy Policy or want to exercise your data rights, please contact us at privacy@tidystatement.com.