Security & privacy
Last updated: 2026-06-21
BankLift converts bank statements. We treat every file as confidential data. In short: your file is processed by a zero-retention AI service, never stored, never used for training, and deleted immediately after conversion.
How your file is handled
When you upload a statement, your browser extracts the PDF text layer or downscales a scan image, then sends that content over a single secure request (HTTPS/TLS) to our extraction service.
The content is processed in memory and deleted as soon as the conversion returns its result. We do not keep your file and we do not write it to a database.
What we never do
- We do not store your statements after conversion.
- We do not use your files to train AI models.
- We do not sell or share your data with third parties for marketing.
Where it runs
The app and processing run in an EU region where available. Conversion happens in your browser and through the extraction service; there is nothing to install.
Your rights
Data processing follows the GDPR and the Republic of Moldova Law no. 195/2024. Because we delete uploads immediately, most statement data stays with you; we hold no copy to retrieve later.
For questions about access, rectification or erasure of your data, contact us below.
Sub-processors
To provide the service we use the providers below. AI providers are used under zero-retention / no-training terms.
- Google (Gemini API)AI extraction of statement text/image (primary) — no training
- OpenAIFallback AI extraction — no training
- Anthropic (Claude API)Fallback AI extraction — no training
- StripePayment processing (email, billing identity — never statement content)
- VercelApplication hosting (EU region)
- Upstash / CloudflareTransient counters (spend limit, credits) — no statement content
Contact
For any privacy or security question, email us at support@bank-lift.com.