Privacy Policy

AutoConvertPros ("we", "us", "our") operates the website autoconvertpros.co.uk and provides bank statement analysis services to mortgage brokers, accountants, bookkeepers, and individuals. We are the data controller responsible for your personal data.

For data protection enquiries, contact us at: support@autoconvertpros.co.uk

We collect the following categories of personal data:

Account Data: Name, email address, company name, phone number, and password (hashed — never stored in plain text).

Payment Data: Subscription tier, billing status, and payment gateway reference numbers. We do not store full card numbers — payments are handled by Stripe.

Uploaded Documents: Bank statement PDFs, images, or other files you upload for analysis. These are processed and then permanently deleted from our servers within 60 minutes of upload.

Usage Data: IP address, browser type, pages visited, upload timestamps, and download counts. This helps us operate and improve the service.

Communications: Any messages you send us via the contact form or support email.

We use your personal data for the following purposes:

• To provide and operate the AutoConvertPros service
• To process your uploaded documents and generate analysis reports
• To manage your account and subscription
• To process payments via Stripe
• To send transactional emails (welcome, password reset, receipts)
• To respond to your support enquiries
• To comply with legal and regulatory obligations
• To detect and prevent fraud or abuse of our platform

We do not use your data for advertising or sell it to third parties.

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide you with the service you have signed up for.
• Legitimate Interests: Security monitoring, fraud prevention, and service improvement — balanced against your rights.
• Legal Obligation: Retaining certain records as required by applicable law.
• Consent: Where you have explicitly provided consent (e.g. marketing communications, if applicable).

We take a privacy-by-design approach to uploaded documents:

• Uploaded files (PDFs, images): Automatically and permanently deleted from our cloud storage within 60 minutes of upload.
• Extracted transaction data: Stored in our database linked to your account until you delete the statement or close your account.
• Account data: Retained while your account is active and for up to 24 months after closure for legal and audit purposes.
• Audit logs: Retained for 24 months for compliance purposes.

You can manually delete any statement from your dashboard at any time.

Your data is stored and processed in the following locations:

• Database: Supabase (Ireland, EU — eu-west-1 region)
• File processing: AWS (London, UK — eu-west-2 region)
• Hosting: Vercel (edge network, UK/EU data residency)

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We implement access controls, rate limiting, and regular security reviews. No system is 100% secure — in the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours as required by UK GDPR.

We share data with the following trusted third-party processors only to the extent necessary to provide our service:

• Stripe — Payment processing. Privacy policy: stripe.com/privacy
• Supabase — Database and authentication. Privacy policy: supabase.com/privacy
• AWS (Amazon Web Services) — File storage and OCR processing. Privacy policy: aws.amazon.com/privacy
• Resend — Transactional email delivery. Privacy policy: resend.com/privacy
• Vercel — Website hosting and deployment. Privacy policy: vercel.com/legal/privacy-policy

All processors are contractually bound to protect your data and process it only on our instructions.

You have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Restriction: Request that we limit how we use your data.
• Right to Data Portability: Request your data in a machine-readable format.
• Right to Object: Object to processing based on legitimate interests.
• Rights related to automated decision-making: We do not make solely automated decisions with legal effects on you.

To exercise any of these rights, contact us at support@autoconvertpros.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We use only essential cookies required to operate the service (authentication session cookies and language preference cookies). We do not use advertising, tracking, or analytics cookies.

For full details, please see our Cookie Policy at autoconvertpros.co.uk/cookies.

AutoConvertPros is intended for use by professionals and adults aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us immediately at support@autoconvertpros.co.uk.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice on our website. The date at the top of this page reflects when the policy was last updated. Continued use of our service after changes constitutes acceptance of the updated policy.

For any privacy-related questions, requests, or complaints:

Email: support@autoconvertpros.co.uk
Website: autoconvertpros.co.uk/contact

For complaints to the supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
web: ico.org.uk | Tel: 0303 123 1113