Privacy Policy

1. Principles and GDPR Compliance

At ScrutiBank, your privacy is our primary concern. Our platform is designed with "Privacy by Design" at its core, and we comply with the General Data Protection Regulation (GDPR) and other applicable privacy standards.

We only process personal data where we have a lawful basis to do so: to perform our contract with you (managing your account, licence, and purchases), for our legitimate interests (securing and improving the product, and responding to support requests), with your consent (website analytics, advertising measurement, and optional telemetry, which you can withdraw at any time), or to meet a legal obligation.

2. Data Localization: Your Computer, Your Data

All financial processing happens locally on your machine. When you import a PDF or CSV, the ScrutiBank app parses and analyzes the data entirely within its local environment. No financial information is transmitted to our servers or to any third party during normal analysis.

3. Information We Collect

While we never store your bank data, we collect the minimal information below to provide the service:

• Account Information: If you sign up, we store your email address and name to manage your account, plan, and licence.
• Purchase Records: When you buy a one-time package, we store a record of the purchase (package, amount, date, and your account ID) so we can apply your AI-transaction balance. We do not receive or store your card number — see Stripe in Section 4.
• Support Requests: If you submit a support ticket or report AI-generated content, we store the message you write, your contact email (if provided), and basic technical context (app version, operating system). Please avoid including bank or transaction details in support messages.
• Categorization Preferences (synced across your devices): You can teach ScrutiBank your own labels for merchants — for example, that anything containing the word "IKEA" should be filed under "Furniture". What we sync is exactly that and nothing more: the short keyword you picked (IKEA) and the category you mapped it to (Furniture) — a simple list of word-to-category rules. We do not store your transactions themselves: not the transaction description, not amounts, not dates, not account numbers, and not any person's name. So that your rules follow you from one device to the next, this list is synced to our secured cloud database (hosted in the Netherlands) by default. It exists only when you create your own rules: if you never customise a category, nothing is saved or synced at all. You can review, export, or delete your rules at any time.
• Website Analytics: With your consent, we use Google Analytics to understand how visitors use our website (anonymized data like page views, time spent on site, and city/country-level location). No financial data is ever included.
• Advertising Measurement: With your consent, we use Google Ads conversion tracking to measure how many visitors who arrive from our online ads go on to download the app. This records only the anonymized ad-conversion signal — it includes no bank, transaction, or financial data. If you decline, no advertising cookies are set; we may still receive an aggregated, modelled (cookieless) conversion count from Google.
• Usage Telemetry (optional): Anonymized application usage statistics (e.g., "Feature X was used") may be collected to help us improve the tool. You can opt out of this in the application settings.

4. Service Providers (Sub-processors)

We use a small number of trusted service providers to operate ScrutiBank. Each is bound by a data processing agreement and processes data only on our instructions, except where they act as independent controllers (noted below).

We do not sell your personal data, and we do not share it with any third party for their own marketing.

5. International Data Transfers

Your core account, support, purchase, and sync data is stored within the European Union (Netherlands). Some providers — notably Stripe, Google Analytics, and Google Ads — may process limited data outside the European Economic Area. Where that occurs, the transfer is protected by appropriate safeguards, such as EU Standard Contractual Clauses and/or the providers' certification under the EU–US Data Privacy Framework.

6. Data Retention

We keep your account data for as long as your account is active. Your payment and card details are held by Stripe and retained according to Stripe's own retention policy — we do not store them. The purchase records we keep (package, amount, and date) are retained for as long as required to meet our accounting and tax obligations under Dutch law. Support tickets are retained for up to 24 months after resolution. You can ask us to delete your personal data at any time (see Section 7), subject to any retention we are legally required to keep.

7. Your Rights

Under GDPR, you have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate data;
• Erase your data (the "right to be forgotten");
• Port your data to another service;
• Object to or restrict processing based on our legitimate interests;
• Withdraw consent at any time (for analytics and telemetry), without affecting prior processing;
• Lodge a complaint with your local supervisory authority — for the Netherlands, the Autoriteit Persoonsgegevens.

To exercise any of these rights, contact us at help@scrutibank.com.

8. Contact Us

For any questions regarding your privacy, please contact us at help@scrutibank.com.