Terms of Service and Privacy Policy
Effective Date: December 6, 2024 | Last Updated: December 6, 2024
1. Introduction
These Terms of Service and Privacy Policy ("Terms") govern your use of the Bank Reconciliation Tool
("Service", "Tool", "we", "our", or "us"). By accessing or using the Service, you agree to be bound by these
Terms. If you disagree with any part, you may not access or use the Service.
2. Service Description
The Bank Reconciliation Tool is a web-based service that facilitates the comparison of banking and
bookkeeping records through secure file processing. The Service processes CSV files containing financial
transaction data to identify discrepancies between records.
3. Data Processing and Security
3.1 Data Collection
We process the following types of user-uploaded data:
- Transaction dates
- Transaction amounts
- Transaction descriptions
- Other related financial data contained in the uploaded CSV files
3.2 Data Processing
All data processing is performed securely, as follows:
- Files are transferred over TLS 1.3 encrypted connections.
- Server-side processing occurs in secure, isolated environments.
- All data is encrypted at rest using AES-256 encryption during processing.
- The Service does not store encryption keys long-term; keys are generated per session and retained
only for the duration of the processing task.
- Processed files and associated encryption keys are automatically and securely deleted after analysis (generally within 5 minutes).
3.3 Data Retention
We operate on a process-and-delete basis:
- Files are processed immediately upon upload.
- Temporary files and keys are securely deleted within 5 minutes of processing completion.
- No historical data or decrypted financial records are retained.
- We do not store processed financial data in any persistent database.
3.4 Logging and Metadata
We may retain minimal logs (e.g., request timestamps, IP addresses) to ensure service stability and
security. These logs do not contain uploaded financial data. All logs are periodically purged according
to our internal retention policy. Users may request information on these logs and their retention periods
by contacting us.
4. User Responsibilities
By using the Service, you agree to:
- Upload accurate and properly formatted data.
- Maintain the confidentiality and legality of your data.
- Use the Service in compliance with all applicable laws and regulations.
- Not attempt to circumvent security measures or upload malicious content.
- Ensure you have the legal right to process any personal data through this Service (if applicable).
5. Privacy and Data Protection
5.1 GDPR Compliance
For users in the European Economic Area (EEA), we process data in accordance with GDPR requirements:
- Data minimization principles are followed, processing only what is necessary for reconciliation.
- Processing is limited to user-initiated requests and is completed rapidly (generally within minutes).
- No personal data is retained after processing, making subsequent access, rectification, or erasure requests inapplicable in most cases.
- Users act as Data Controllers, and we act solely as a Data Processor, processing data on their behalf.
If you have GDPR-related inquiries, including exercising data subject rights, please contact us. Note that
because data is immediately deleted, we may not hold any personal data to rectify or erase.
5.2 Data Security Measures
We implement and maintain appropriate technical and organizational security measures:
- Encryption in transit (TLS 1.3) and at rest (AES-256).
- Secure file handling procedures, with strict memory management and usage limits.
- Regular security audits and automated data deletion protocols.
Data Processing Agreement (DPA)
1. Processing Roles
The User (Data Controller) uploads data, and the Service (Data Processor) processes it under the User’s instructions.
2. Data Processing Activities
- Purpose: Bank statement and bookkeeping reconciliation.
- Duration: Immediate processing with automatic deletion upon completion.
- Security: AES-256 encryption during processing; no keys stored long-term.
- Operations: Encrypted comparison and matching of financial records.
3. Security Implementation
- Server-side encryption of all uploads.
- Secure memory management and periodic security assessments.
- Data sanitization and validation against malicious content.
- Automatic file and key deletion post-processing.
4. Data Breach Protocol
In the unlikely event of a data breach during the short processing window:
- We will notify affected users without undue delay.
- We will investigate the scope of the breach and implement remedial measures.
- We will notify authorities as required by applicable law.
Records of Processing Activities
1. Data Categories
Encrypted financial transaction records and metadata necessary for reconciliation.
2. Processing Details
- Duration: Generally less than 5 minutes of processing time.
- Storage: Temporary, encrypted in volatile memory only.
- Deletion: Automatic secure deletion after processing.
- Access: No long-term persistent storage of keys or decrypted data.
Technical Specifications
1. Security Measures
- File validation and strong encryption.
- Memory monitoring to prevent data leakage.
- Input sanitization and injection protection.
- Secure error handling and no logging of sensitive data.
2. Data Handling
- Processing: Encrypted server-side computation only.
- Storage: No permanent data storage; ephemeral encrypted data in memory.
- Deletion: Automatic secure file and key deletion post-processing.
- Access: Single-session basis, no persistent user credentials stored.
6. Disclaimers and Limitations
6.1 Accuracy
The Service is provided "as is" without warranties. While we strive for accurate reconciliation, we do
not guarantee:
- Complete accuracy of results.
- Detection of all possible discrepancies.
- Suitability for any specific accounting purpose.
6.2 Liability Limitations
To the maximum extent permitted by law, we are not liable for:
- Indirect, consequential, or incidental damages.
- Loss of profits or revenue.
- Data loss or corruption.
- Decisions made based on the Service's output.
7. Changes to Terms
We reserve the right to modify these Terms at any time. Any changes will be indicated by updating the
"Last Updated" date. Continued use of the Service after modifications indicates acceptance of the updated Terms.
8. Governing Law
These Terms shall be governed by and construed in accordance with the laws of England and Wales,
without regard to conflict of law principles.
9. Contact Information
For any questions about these Terms, please contact us at:
[email protected]
By using the Service, you acknowledge that you have read and agree to these Terms of Service and Privacy Policy.