Last updated: 27 May 2026
The short version. StatementFlow converts your bank statements entirely in your browser, so the file you convert isn't uploaded to us. We store your account details, the recipes (column-mapping definitions) you save, and - only if you choose to save a converted file to your history - that file's data, which you can delete any time. We never sell your data.
StatementFlow is operated by StatementFlow Ltd ("StatementFlow", "we", "us"), a company registered in England & Wales and based in London. For the purposes of UK data protection law, StatementFlow Ltd is the data controller for the personal data described in this policy.
If you have any questions about this policy or how we handle your data, contact us at hello@statementflow.co.uk.
StatementFlow converts UK bank statements - CSV exports and digital PDF statements from Monzo, Starling, Barclays, NatWest and similar - entirely client-side, inside your browser. During conversion, the contents of your file - transaction descriptions, amounts, and reference fields - are not transmitted to or stored on our servers. We read the text inside a digital PDF in the browser and never OCR it or upload it to convert it.
If you choose to save a converted file to your history so you can re-download it later, that file's data - the before and after rows - is stored against your account so you can reopen it. This is the one case where your transaction data is stored on our servers, and only when you choose to save. You can delete any saved file at any time, and deleting your account removes them all.
If you pick your bank when converting a PDF, StatementFlow remembers that bank's column layout in your browser's local storage so the next statement maps faster. This stores column headings and their roles only - never your transactions, amounts, or account details - and it stays on your device.
When you create an account we collect your email address and an authentication credential. If you subscribe to a paid plan, our payment processor, Paddle, collects your billing details on our behalf as the Merchant of Record. We do not see or store full card numbers.
A "recipe" is the set of column-mapping and transformation rules you choose to save (for example, "Monzo → Xero"). Recipes contain bank field names and rule definitions — not your transaction rows — and are stored against your account so you can reuse them across statements.
Like most websites, we collect limited technical information automatically, such as your IP address, browser type, and pages visited, to keep the service secure and reliable.
Under UK GDPR we rely on the following legal bases: performance of a contract (to deliver the service you signed up for); legitimate interests (to secure, improve, and support the service, balanced against your rights); consent (where you have opted in, for example to non-essential cookies); and legal obligation (where we must retain or disclose data by law).
We use a small number of trusted service providers ("processors"). They act on our instructions and are bound by contract to protect your data.
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Account database and authentication; stores saved recipes and saved conversion history | Email, auth credentials, recipe definitions, and the rows of any files you save to your history |
| Paddle | Subscription billing and payment processing, acting as Merchant of Record (Paddle.com Market Ltd., a UK company) | Billing details, payment status, business / tax information for invoicing |
| Resend | Transactional email delivery (magic links, account notifications) | Email address, message metadata |
| Vercel | Web and application hosting | Technical request data, IP address |
Where a provider processes data outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or equivalent approved mechanisms.
StatementFlow uses only the cookies and local storage necessary to keep you signed in and to operate core features. We do not use advertising cookies or sell data to advertisers. If we introduce non-essential analytics in future, we will ask for your consent first.
We keep your account data, saved recipes, and any files you save to your history for as long as your account is active. You can delete saved files individually at any time. If you delete your account, we delete the associated personal data, including your saved files, within 30 days, except where we are required to retain certain records (for example, billing records for tax purposes). Files you convert but do not save are never sent to us.
Under UK data protection law you have the right to access, correct, delete, or restrict processing of your personal data; the right to data portability; and the right to object to processing based on legitimate interests. To exercise any of these rights, email hello@statementflow.co.uk and we will respond within one month.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, though we would appreciate the chance to resolve your concern first.
We use industry-standard measures to protect your data, including encryption in transit, row-level security on stored recipes and saved files, and restricted access to production systems. Because conversion happens in your browser, your transaction rows are not sent to us unless you choose to save a file to your history.
StatementFlow is a tool for businesses, sole traders, bookkeepers, and accountants. It is not directed at anyone under 16 and we do not knowingly collect personal data from children.
We may update this policy from time to time. When we make material changes we will update the "Last updated" date above and, where appropriate, notify you by email.
Questions, requests, or concerns about your privacy? Email hello@statementflow.co.uk and we will be glad to help.
See also our Terms of Service and Refund Policy.