Privacy Policy

Last updated: 2026-04-14

This Privacy Policy explains how Telematica e Automazioni srls ("we", "us", "our") collects, uses, and protects personal data when you use csvbanker.com and the CSVBanker service. We are committed to protecting your privacy and handling your data in line with the EU General Data Protection Regulation (GDPR).

1. Data Controller

The data controller for personal data collected through csvbanker.com is:

Telematica e Automazioni srls Via Antonio Gramsci 20, 00197 Roma, Italy VAT: IT18471961005 REA: RM-1786705 PEC: telematicaeautomazioni@legalmail.it Email: info@telematicaeautomazioni.it

2. What data we collect

We collect the minimum data needed to operate the service. Specifically:

  • Marketing website (csvbanker.com): only essential preferences stored in your browser (language, theme). No tracking cookies, no analytics by default.
  • Marketing demo extractor: if you upload a PDF to the preview widget on the home page, we send it to our AI extraction engine solely to read the first 5 transactions and show them back to you. The PDF is processed in memory and discarded immediately after the preview is generated. We do NOT store the file, its contents, or the extracted transactions. For abuse prevention we log only a hashed IP, the outcome, and the elapsed processing time.
  • Account data (when you sign up for the conversion app): your email address, hashed password or OAuth identifier, and account preferences.
  • Bank statement PDFs (when you use the conversion app): we receive the files you upload solely to extract transactions. Files are never stored — they are processed in memory and deleted immediately after conversion.
  • Payment data: processed by our payment provider. We never see or store your card details.
  • Usage logs: anonymised request logs (hashed IP, user agent, timestamp) for security, fraud prevention, and debugging, retained for up to 30 days.
  • Support correspondence: if you write to us, we retain the message history to serve your request.

3. Why we process your data (legal basis)

We rely on the following legal bases under the GDPR:

  • Performance of a contract (Art. 6(1)(b)): to provide the paid conversion service you requested.
  • Legitimate interest (Art. 6(1)(f)): security, fraud prevention, service improvement, accounting records.
  • Consent (Art. 6(1)(a)): only for optional marketing communications, if you opt in.
  • Legal obligation (Art. 6(1)(c)): tax, accounting, and anti-money-laundering retention requirements under Italian law.

4. How long we keep your data

  • Uploaded PDF files: deleted within seconds, immediately after conversion completes.
  • Generated CSV/Excel output: retained on secure storage for up to 7 days so you can re-download the file, then automatically and permanently deleted.
  • Account data: kept while your account is active, plus 30 days after deletion for audit trail.
  • Payment and invoicing records: 10 years, as required by Italian tax law.
  • Support tickets: up to 3 years.
  • Server access logs: up to 30 days.

5. Sub-processors

We rely on carefully selected third-party providers to run the service. Each is bound by a data processing agreement (DPA) compliant with Art. 28 GDPR:

  • Supabase Inc. — database, storage, edge functions. EU region (Ireland / Frankfurt).
  • Hostinger International Ltd. — web hosting and transactional email (SMTP).
  • Google LLC — Gemini API, used to (a) convert the bank statement PDFs you upload into transaction rows, and (b) generate public blog articles. The marketing landing demo uses a separate Gemini key with an isolated quota. Google Analytics 4 is also provided by Google LLC; it runs with Consent Mode v2 defaulted to denied until you explicitly accept analytics cookies.
  • Stripe Payments Europe Ltd. — payment processing, invoicing and refund management. PCI DSS Level 1 compliant. Stripe sees only billing and transaction metadata you provide at checkout; we never pass them your bank statement contents.
  • Cloudflare Inc. — Turnstile bot-protection challenge on the public landing demo upload. Turnstile is cookieless and privacy-preserving.

We never sell your personal data. We never share your financial data with third parties, except strictly as required to deliver the conversion you requested.

6. International data transfers

Where a sub-processor is based outside the European Economic Area, transfers are protected by Standard Contractual Clauses approved by the European Commission, and/or the EU-US Data Privacy Framework where applicable.

7. Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Receive your data in a portable format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time
  • Lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali, garanteprivacy.it)

To exercise any right, email info@telematicaeautomazioni.it or use our PEC at telematicaeautomazioni@legalmail.it. We respond within 30 days.

8. California residents (CCPA / CPRA)

If you reside in California, you additionally have the right to know what personal information we collect, to delete it, to correct it, and to opt out of the sale or sharing of personal information. We do NOT sell or share personal information for cross-context behavioural advertising.

9. Children

CSVBanker is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will delete it.

10. Security

We apply industry-standard technical and organisational measures to protect your data: encryption in transit (TLS), encryption at rest for sensitive data, strict access controls, regular security reviews, row-level security on the database, and principle-of-least-privilege for internal access.

11. Cookies

For details on cookies and similar technologies, see our Cookie Policy.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced on the site and, for registered users, by email. The "Last updated" date at the top of this page reflects the latest revision.

13. Contact

For any privacy-related question or request, please contact:

Telematica e Automazioni srls Via Antonio Gramsci 20, 00197 Roma, Italy VAT: IT18471961005 REA: RM-1786705 Email: info@telematicaeautomazioni.it PEC: telematicaeautomazioni@legalmail.it