Privacy Policy

Last updated: 3 May 2026

1. Introduction

ClearVault ("we", "us" or "our") respects your privacy and is committed to protecting your personal data. This privacy policy describes how we collect, use, store, and protect your personal data when you use our PDF conversion services.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy legislation.

2. Data Controller

Name: ClearVault

Address: Edisonweg 13, 8071 CT Nunspeet, The Netherlands

Email: privacy@clearvault.nl

For questions about this privacy policy or the processing of your personal data, please contact us at the email address above.

3. What Data Do We Collect?

3.1 Account Data (voluntary)

When you create an account, we collect:

  • Email address
  • Password (stored encrypted)
  • Account creation date
  • Credit balance

3.2 File Data

When uploading and converting PDF files, we process:

  • Uploaded PDF files: Bank statements and credit card statements you upload for conversion
  • Extracted transaction data: Date, amount, counter account, description and other bank transaction information from your PDF
  • File metadata: File name, file size, upload date

3.3 Payment Data

For payment processing we use Mollie and PayPal. We store:

  • Payment ID and status
  • Amount and number of credits purchased
  • Payment date

Important: Your credit card or bank details are NOT stored by us. They are processed directly and securely by our payment providers.

3.4 Technical Data

For the operation and security of our service, we automatically collect:

  • IP address (for rate limiting and abuse prevention)
  • Browser type and version
  • Timestamp of requests
  • Error messages and performance metrics

4. How Do We Use Your Data?

4.1 Legal Basis

We process your personal data solely on the following legal bases:

  • Performance of a contract: To deliver the conversion service you expect from us
  • Legitimate interest: For security, fraud prevention, and service improvement
  • Legal obligation: For accounting and tax purposes

4.2 We Do NOT Use Your Data For

  • Marketing or advertising without your explicit consent
  • Selling or renting your data to third parties
  • Analyzing your financial behavior for commercial purposes
  • Profiling or automated decision-making

4A. Smart-Powered Document Processing

To analyze and convert your documents, we use Smart technology from external providers (OpenAI LLC and Google LLC / Gemini).

Data Anonymization

Before your document text is sent to a Smart provider, sensitive data is automatically masked (anonymized). IBAN numbers, email addresses, phone numbers, BSN numbers, and names are replaced by placeholders. The Smart provider never sees your actual personal data.

Both Smart providers have contractually confirmed that your data is not used for training Smart models.

5. How Do We Protect Your Data?

  • Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
  • Access control: Strict access restrictions based on the principle of least privilege
  • Authentication: Secure password hashing with modern algorithms
  • Rate limiting: Protection against brute force attacks and abuse
  • Privacy by design: Even administrators have NO access to your uploaded files and transaction data (enforced via Row Level Security)

6. Data Retention

  • Uploaded files and conversions: Automatically deleted after 1 year
  • Account data: Retained until you delete your account
  • Payment data: 7 years (legal retention obligation for tax purposes)

7. Sharing Data with Third Parties

  • Supabase: Database and authentication hosting (servers within the EU)
  • Mollie: Payment processing (PCI DSS Level 1 certified)
  • OpenAI LLC / Google LLC: Smart document processing — data is anonymized before transmission

We NEVER sell, rent, or provide your personal data to third parties for commercial purposes.

8. Your Rights

Under the GDPR, you have the following rights:

  • Right of access — request which personal data we process about you
  • Right to rectification — have incorrect data corrected
  • Right to erasure — request deletion of your data
  • Right to restriction — restrict the processing of your data
  • Right to data portability — receive your data in a structured format
  • Right to object — object to certain processing
  • Right to withdraw consent — withdraw consent at any time

To exercise your rights, send an email to privacy@clearvault.nl. We will respond within 30 days.

9. Complaints

If you are not satisfied with how we handle your personal data, you can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Autoriteit Persoonsgegevens

Postbus 93374, 2509 AJ Den Haag, The Netherlands

Website: autoriteitpersoonsgegevens.nl

10. Cookies

Our website uses minimal cookies:

  • Essential cookies: For authentication and session functionality
  • No tracking cookies: We do not use cookies for tracking or advertising
  • No third-party cookies: No external tracking or analytics

11. Contact

Email: privacy@clearvault.nl

We aim to respond within 48 hours.

This privacy policy was last updated on 3 May 2026 and was drafted in accordance with the General Data Protection Regulation (GDPR).
