Tampering Detector Demo — Privacy Notice

Last Updated: June 10, 2026

This notice applies only to the free online bank-statement tampering-detector demo on this website. It does not apply to the rest of the website or to the ScrutiBank desktop app, which are covered by our main Privacy Policy.

This is a demo, and it works differently from the app. It lets you try ScrutiBank’s tampering detection in your browser — and is to be distinguished from the ScrutiBank desktop app, where your data is processed and stays on your computer. Because this demo runs on the web, the file you choose is uploaded to our server to be analysed. The original is never stored. With your consent, an automated process makes an anonymised copy — everything that identifies you (name, address, account number, IBAN, transaction descriptions) is removed and replaced with fake stand-ins, keeping only the non-identifying parts (layout, labels, dates and amounts) — and that is the only thing we keep, solely to improve our software. No person ever sees your file, and the anonymised copy can’t be linked back to you.

The tool is operated by Olly Digital, Eerste Anjeliersdwarsstraat 16, The Netherlands, the data controller. For any privacy question or to exercise your rights, contact help@scrutibank.com.

1. The file you upload

When you choose a PDF and confirm consent, the file is uploaded to our server to run the document-authenticity (tamper-risk) analysis and return the result to you. The original is held only in memory for the moment it takes to run the check, and is then discarded — we never store it. The legal basis is your consent, which you give by ticking the box before uploading and can decline simply by not using the tool.

2. The anonymised copy we keep

With that same consent, and only after your file has been automatically anonymised, we keep that anonymised copy in a private location in the EU, used only to improve our software — for example, to build real-world test cases that make our statement reader more reliable.

The anonymisation is done entirely by software, with no human involved. It removes everything that could identify you and replaces it with a same-shape fake: your name, address, account number, IBAN, and the description text of every transaction are all replaced. What is kept is the parts that are not identifying — the page layout, the generic labels, and the plain figures (transaction dates and amounts). Those figures are kept real so the copy still behaves like a genuine statement for our testing; on their own, with your name and account gone, they cannot be traced back to you.

The process is fail-closed: every copy is automatically re-scanned and, if any real detail might have survived, the copy is discarded rather than kept. We keep no link between the anonymised copy and you or the original, so it cannot be traced back. We do not use your file to train AI, we do not publish it, and we never share or sell it.

3. What we don’t do

  • We do not store the original file you upload — ever.
  • We do not let any person see your uploaded file.
  • We do not record your name, email, or any account — none is required.
  • We do not keep any link between the anonymised copy and you.
  • We do not build a profile of you or your finances.
  • We do not use your file to train AI, and we never share or sell it.

4. Usage limits & abuse prevention

To keep the free tool available and prevent abuse, we limit how many checks can be run from one source over a short period. For this we store a one-way (irreversible) hash of your IP address together with a count, and we set a small functional cookie (sb_checks) in your browser. This holds no file content and does not identify you, is used only for rate-limiting, and is deleted automatically after a short period. The legal basis is our legitimate interest in keeping the service running.

5. Where processing happens

Your upload is analysed — and the anonymised copy is created and stored — on Google Cloud / Firebase infrastructure in the European Union (region europe-west4, the Netherlands), acting as our processor. Your file is not transferred outside the EU.

6. Password-protected files

If your PDF is password-protected, the password is used only, transiently, to open and read the file for the check and the anonymisation. The password itself is never stored — it is discarded as soon as the check runs, and it is never written into the anonymised copy.

7. Cookies

The only cookie this tool sets is the strictly-functional sb_checks counter described in section 4, which is necessary to provide the service you asked for. It is not used for advertising or tracking.

8. Your rights

Under the GDPR you have rights of access, rectification, erasure, restriction, objection, and portability. Because we never store the original file and the anonymised copy carries no personal data and no link to you, there is nothing held that identifies you and nothing that could be traced back to a specific person. If you have any concern about a check you ran, contact help@scrutibank.com. You may also lodge a complaint with your local data-protection authority.

9. Changes to this notice

If we change how this tool handles files — for example, the retention period, or how the file is used — we will update this notice (the date is shown at the top) and, where the law requires it, ask for your consent before the change takes effect.

Prefer not to upload anything? The ScrutiBank desktop app runs this same check entirely on your device — nothing leaves your computer — with no limit.