Security & Privacy
How We Handle
Your Client's Financial Data
AutoConvertPros processes sensitive financial documents. This page explains exactly what happens to uploaded bank statements — where they go, how they are protected, and when they are deleted.
Security Measures
All files are encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Your client's bank statement data is protected from the moment it leaves your browser to the moment it is deleted.
Uploaded bank statement PDFs are automatically and permanently deleted from our servers within 60 minutes of upload. The original PDF is never stored beyond this window. What we retain is only the structured analysis output — the income figures, risk scores, and transaction classifications.
Uploaded bank statement files are processed exclusively on UK servers in the London region (AWS eu-west-2). Structured analysis data (income figures, risk scores, transaction classifications) is stored in encrypted EU servers in Ireland (Supabase eu-west-1), in full compliance with UK GDPR. No data is transferred outside the UK/EU.
AutoConvertPros is operated by Sparkleen Consult Limited (Companies House: 15744371), registered with the UK Information Commissioner's Office under registration number ZC108380. Our ICO registration confirms we have declared our data processing activities to the regulator as required under UK GDPR.
Your client's financial data is never sold, shared with third parties, used for advertising, or used to train machine learning models. The data you upload is used solely to generate your analysis report and then deleted.
Each user can only access their own uploaded statements. Firm plan admins can view statements uploaded by their team members. No cross-account data access is possible. All API access requires authentication.
What Data We Hold and For How Long
This table explains every category of data AutoConvertPros processes — what it is, how it is stored, and when it is deleted.
| Data Type | How It's Stored | When It's Deleted |
|---|---|---|
| Uploaded bank statement PDF | Processed in memory, stored temporarily in UK S3 | Deleted within 60 minutes of upload |
| Extracted transaction data | Stored in encrypted UK database (Supabase Ireland) | Retained for 24 months, then deleted |
| Income analysis results | Stored in encrypted UK database | Retained while account is active |
| Account information (email, name) | Stored in encrypted UK database | Retained while account is active; deleted on request |
| Payment information | Handled entirely by Stripe — never stored by AutoConvertPros | Governed by Stripe's data retention policy |
| Usage logs and audit trail | Stored in encrypted UK database | Retained for 24 months for compliance |
Your Rights Under UK GDPR
Under UK GDPR, you have the following rights regarding your personal data held by AutoConvertPros:
To exercise any of these rights, email support@autoconvertpros.com. We will respond within 30 days.
Sub-Processors
AutoConvertPros uses the following third-party services to operate. Each is contractually bound to process data only as instructed and in compliance with UK GDPR.
If you have any questions about how AutoConvertPros handles your data, or if you wish to exercise your GDPR rights, contact us directly.
support@autoconvertpros.com