Statement Scan ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our portfolio analysis service.
Consent
By using Statement Scan, you consent to the collection, processing, and storage of your data as described in this Privacy Policy. Specifically:
Account Creation: When you create an account, you consent to our collection and storage of your account information by agreeing to this Privacy Policy.
Document Upload: When you upload brokerage statements, you consent to our processing of those documents to extract portfolio data.
Plaid Connection: When you click "Connect with Plaid" and authenticate through Plaid Link, you explicitly consent to Plaid sharing your financial account information with us for portfolio analysis purposes.
Manual Entry: When you manually enter holdings, you consent to our storage and analysis of that data.
You may withdraw your consent at any time by deleting your account or disconnecting linked accounts.
Information We Collect
We collect information that you provide directly to us:
Account Information: When you create an account, we collect your email address and password (stored securely using encryption).
Financial Documents: Brokerage statements (PDF or CSV) that you upload for analysis.
Portfolio Data: Holdings, positions, and account values extracted from your statements or entered manually.
Saved Portfolios: Portfolio analyses that you choose to save to your account.
Plaid Financial Data
About Plaid Integration
When you choose to connect your brokerage account, we use Plaid Inc. ("Plaid") to securely access your financial account information. By using our Plaid integration, you acknowledge and agree to the following:
Information collected through Plaid:
Account and routing numbers
Account balances and holdings
Investment positions and securities information
Transaction history (if applicable)
Account owner information (name, address)
How Plaid data is used:
To retrieve your current investment holdings
To analyze your portfolio allocation and performance
To provide portfolio insights and recommendations
Important: We do not store your bank login credentials. Plaid securely handles authentication directly with your financial institution. We only receive and store an access token that allows us to retrieve your holdings data.
Provide, maintain, and improve our portfolio analysis services
Process and analyze your financial documents and holdings
Generate portfolio insights, allocations, and performance metrics
Save and retrieve your portfolio data when you're logged in
Respond to your comments, questions, and requests
Send you technical notices and security alerts
Data Storage and Security
We implement appropriate technical and organizational security measures to protect your personal information:
All data is transmitted using TLS/SSL encryption
Passwords are hashed using bcrypt before storage
Plaid access tokens are encrypted at rest using Fernet symmetric encryption
We use secure, industry-standard cloud infrastructure
Data Retention and Deletion Policy
We have a defined data retention and deletion policy that complies with applicable data privacy laws:
Retention periods:
Account Information: Retained while your account is active. Deleted within 30 days of account deletion request.
Uploaded Documents: Brokerage statements (PDFs/CSVs) are processed in memory only and are not permanently stored on our servers. Documents are discarded immediately after processing.
Portfolio Data: Saved portfolios are retained while your account is active. Deleted within 30 days of account deletion request.
Plaid Access Tokens: Encrypted tokens are retained while the connection is active. Immediately deleted when you disconnect an account or delete your account.
Plaid Financial Data: Holdings data retrieved from Plaid is used for analysis and display. Raw data is not permanently stored; only portfolio summaries you choose to save are retained.
Data Deletion:
You may request deletion of your account and all associated data at any time by contacting us.
You may disconnect Plaid-linked accounts at any time, which immediately removes the stored access token.
You may delete individual saved portfolios from your account.
All deletion requests are processed within 30 days.
We maintain minimal backup retention (up to 30 days) for disaster recovery purposes.
Policy Review: This data retention policy is reviewed periodically to ensure ongoing compliance with applicable data privacy laws.
Information Sharing
We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:
Service Providers: With Plaid to facilitate account connections, and with cloud infrastructure providers to host our service
Legal Requirements: If required by law, regulation, or legal process
Protection: To protect our rights, privacy, safety, or property
Your Rights and Choices
You have the following rights regarding your personal data:
Right to Access: You may request a copy of all personal data we hold about you. We will provide this within 30 days of your request.
Right to Correction: You may request correction of any inaccurate or incomplete personal data.
Right to Deletion: You may request deletion of your account and all associated data at any time. Deletion will be completed within 30 days.
Right to Disconnect: You may revoke Plaid access to your financial accounts at any time through our service. You may also revoke access directly through Plaid's portal or your financial institution.
Right to Withdraw Consent: You may withdraw your consent for data processing at any time by deleting your account.
Right to Data Portability: You may request your data in a commonly used, machine-readable format.
To exercise any of these rights, please contact us at the email address provided below.
Third-Party Services
Our service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
Children's Privacy
Our service is not intended for children under 18 years of age. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
Contact Us
If you have any questions about this Privacy Policy or our data practices, or wish to exercise your data rights, please contact us at:
Data Protection Inquiries: For requests related to data access, correction, deletion, or portability, please include "Data Request" in the subject line.