Balanzio is a powerful bank statement converter that transforms PDF statements into structured data (CSV, Excel, JSON). Your files are automatically deleted after 24h for maximum security.

How does the conversion work?

Simply drag and drop your PDF bank statement on our platform. Our advanced parsing technology extracts transactions with institutional-grade accuracy. Files are processed in seconds.

Is my financial data secure?

Absolutely. We use bank-grade encryption. All files are automatically deleted after 24 hours. We never store your transaction data. GDPR compliant.

What formats can I export to?

Free users can export to CSV and Excel (XLSX). JSON format is available for Pro subscribers for API integrations.

Which banks are supported?

We support 140+ banks worldwide including major banks from France, Spain, Germany, Italy, Portugal, Netherlands, Poland, Turkey, UAE, Israel, Japan, Korea, and China. Works with both text-based and scanned PDFs.

Data Processing Agreement (DPA)

RGPD/GDPR Compliance

This Data Processing Agreement ensures compliance with the EU General Data Protection Regulation (GDPR) and French RGPD requirements for data processing activities.

1. Definitions

Data Controller:: The customer (you) who determines the purposes and means of processing personal data.
Data Processor:: Balanzio, which processes personal data on behalf of the Data Controller.
Personal Data:: Any information contained in uploaded bank statements (names, account numbers, transaction details, etc.).
Processing:: Conversion of PDF bank statements to CSV/XLSX/JSON formats.

2. Scope & Purpose

This DPA applies when you upload bank statements containing personal data. Balanzio acts as a Data Processor on your behalf.

Processing Purpose:

Conversion of bank statement PDFs into structured data formats for the sole purpose of enabling you to use that data in your financial tools and applications.

3. Data Processor Obligations

Balanzio commits to:

Process personal data only according to documented instructions (this DPA)
Ensure personnel processing data are bound by confidentiality
Implement appropriate technical and organizational measures (see Section 5)
Not transfer data outside the EU/EEA without adequate safeguards
Assist with data subject rights requests (access, erasure, portability)
Notify data breaches within 24 hours
Delete or return all personal data after service termination
Make available all information necessary to demonstrate compliance

4. Data Controller Rights

As Data Controller, you have the right to:

Reasonable access to information about processing activities
Request deletion of your data at any time
Audit our security measures (upon reasonable notice)
Terminate the service and have all data deleted

5. Security Measures

Balanzio implements the following technical and organizational measures:

Technical Measures:

TLS 1.3 encryption for data in transit
Encrypted storage volumes (at rest)
Antivirus scanning (ClamAV) on upload
SHA-256 file integrity verification
IP hashing with pepper (non-reversible)
Rate limiting and DDoS protection
Automated vulnerability scanning

Organizational Measures:

24-hour automatic file deletion policy
Access controls and role-based permissions
Security awareness training for personnel
Incident response plan
Regular security audits
Data breach notification procedures

6. Data Retention & Deletion

Automatic 24-Hour Deletion

All uploaded files and conversion results are automatically and permanently deleted 24 hours after upload. This cannot be extended or modified.

What we retain beyond 24 hours:

Technical metadata only (file UUID, size, upload timestamp, status)
Hashed IP addresses for quota management
No transaction content, account numbers, or financial data

7. Sub-Processors

Balanzio uses the following sub-processors:

Sub-Processor	Service	Location
OVH / Hostinger	VPS Hosting	EU (France/Germany)
No other third-party services process your data. All PDF parsing happens on our own infrastructure.

We will notify you 30 days before adding new sub-processors. You may object if you have legitimate grounds.

8. Data Subject Rights

Balanzio will assist you in responding to data subject requests:

Right of access: Provide data copies within 30 days
Right to erasure: Delete data immediately upon request
Right to portability: Export data in JSON format
Right to rectification: Correct inaccurate data

Note: Due to our 24-hour deletion policy, most data is automatically erased before requests are received.

9. Data Breach Notification

In the event of a personal data breach, Balanzio will:

Notify you within 24 hours of becoming aware
Provide details of the breach (nature, affected data, likely consequences)
Describe measures taken to address the breach
Cooperate with your notifications to supervisory authorities

10. International Data Transfers

EU-Only Processing

All data processing occurs exclusively within the European Union. No data is transferred to third countries or international organizations.

11. Audit Rights

You may audit our compliance with this DPA:

Upon 30 days written notice
During normal business hours
No more than once per year (unless required by supervisory authority)
At your expense

12. Term & Termination

This DPA remains in effect while you use the Service. Upon termination:

All personal data is deleted within 24 hours
Technical metadata may be retained for 90 days for accounting purposes
You may request immediate deletion of all data

13. Liability & Indemnification

Each party is liable for damages caused by its failure to comply with GDPR obligations. Balanzio maintains professional liability insurance covering data processing activities.

14. Contact

For DPA-related questions or to exercise audit rights:

Data Protection Officer

Email: dpo@balanzio.app

Address: [Company Address, EU]