Terms of Service and Privacy Policy

1. Introduction

These Terms of Service and Privacy Policy ("Terms") govern your use of the Bank Reconciliation Tool ("Service", "Tool", "we", "our", or "us"). By accessing or using the Service, you agree to be bound by these Terms. If you disagree with any part, you may not access or use the Service.

2. Service Description

The Bank Reconciliation Tool is a web-based service that facilitates the comparison of banking and bookkeeping records through secure file processing. The Service processes CSV files containing financial transaction data to identify discrepancies between records.

3. Data Processing and Security

3.1 Data Collection

We process the following types of user-uploaded data:

• Transaction dates
• Transaction amounts
• Transaction descriptions
• Other related financial data contained in the uploaded CSV files

3.2 Data Processing

All data processing is performed securely and as follows:

• Files are transferred over TLS 1.3 encrypted connections.
• Server-side processing occurs in secure, isolated environments.
• All data is encrypted at rest using AES-256 encryption during processing.
• The Service does not store encryption keys long-term; keys are generated per session and retained only for the duration of the processing task.
• Processed files and associated encryption keys are automatically and securely deleted after analysis (generally within 5 minutes).

3.3 Data Retention

We operate on a process-and-delete basis:

• Files are processed immediately upon upload.
• Temporary files and keys are securely deleted within 5 minutes of processing completion.
• No historical data or decrypted financial records are retained.
• We do not store processed financial data in any persistent database.

3.4 Logging and Metadata

We may retain minimal logs (e.g., request timestamps, IP addresses) to ensure service stability and security. These logs do not contain uploaded financial data. All logs are periodically purged according to our internal retention policy. Users may request information on these logs and their retention periods by contacting us.

4. User Responsibilities

By using the Service, you agree to:

• Upload accurate and properly formatted data.
• Maintain the confidentiality and legality of your data.
• Use the Service in compliance with all applicable laws and regulations.
• Not attempt to circumvent security measures or upload malicious content.
• Ensure you have the legal right to process any personal data through this Service (if applicable).

5. Privacy and Data Protection

5.1 GDPR Compliance

For users in the European Economic Area (EEA), we process data in accordance with GDPR requirements:

• Data minimization principles are followed, processing only what is necessary for reconciliation.
• Processing is limited to user-initiated requests and is completed rapidly (generally within minutes).
• No personal data is retained after processing, making subsequent access, rectification, or erasure requests non-applicable in most cases.
• Users act as Data Controllers, and we act solely as a Data Processor, processing data on their behalf.

If you have GDPR-related inquiries, including exercising data subject rights, please contact us. Note that because data is immediately deleted, we may not hold any personal data to rectify or erase.

5.2 Data Security Measures

We implement and maintain appropriate technical and organizational security measures:

• Encryption in transit (TLS 1.3) and at rest (AES-256).
• Secure file handling procedures, with strict memory management and usage limits.
• Regular security audits and automated data deletion protocols.

Data Processing Agreement (DPA)

1. Processing Roles

The User (Data Controller) uploads data, and the Service (Data Processor) processes it under the User's instructions.

2. Data Processing Activities

• Purpose: Bank statement and bookkeeping reconciliation.
• Duration: Immediate processing with automatic deletion upon completion.
• Security: AES-256 encryption during processing; no keys stored long-term.
• Operations: Encrypted comparison and matching of financial records.

3. Security Implementation

• Server-side encryption of all uploads.
• Secure memory management and periodic security assessments.
• Data sanitization and validation against malicious content.
• Automatic file and key deletion post-processing.

4. Data Breach Protocol

In the unlikely event of a data breach during the short processing window:

• We will notify affected users without undue delay.
• We will investigate the scope of the breach and implement remedial measures.
• We will notify authorities as required by applicable law.

Records of Processing Activities

1. Data Categories

Encrypted financial transaction records and metadata necessary for reconciliation.

2. Processing Details

• Duration: Generally less than 5 minutes of processing time.
• Storage: Temporary, encrypted in volatile memory only.
• Deletion: Automatic secure deletion after processing.
• Access: No long-term persistent storage of keys or decrypted data.

Technical Specifications

1. Security Measures

• File validation and strong encryption.
• Memory monitoring to prevent data leakage.
• Input sanitization and injection protection.
• Secure error handling and no logging of sensitive data.

2. Data Handling

• Processing: Encrypted server-side computation only.
• Storage: No permanent data storage; ephemeral encrypted data in memory.
• Deletion: Automatic secure file and key deletion post-processing.
• Access: Single-session basis, no persistent user credentials stored.

6. Disclaimers and Limitations

6.1 Accuracy

The Service is provided "as is" without warranties. While we strive for accurate reconciliation, we do not guarantee:

• Complete accuracy of results.
• Detection of all possible discrepancies.
• Suitability for any specific accounting purpose.

6.2 Liability Limitations

To the maximum extent permitted by law, we are not liable for:

• Indirect, consequential, or incidental damages.
• Loss of profits or revenue.
• Data loss or corruption.
• Decisions made based on the Service's output.

7. Changes to Terms

We reserve the right to modify these Terms at any time. Any changes will be indicated by updating the "Last Updated" date. Continued use of the Service after modifications indicates acceptance of the updated Terms.

8. Governing Law

These Terms shall be governed by and construed in accordance with the laws of England and Wales, without regard to conflict of law principles.

9. Contact Information

For any questions about these Terms, please contact us at: [email protected]