Privacy Policy

Last updated: March 2026

1. Data Controller

Crackle AI Limited ("we", "us") is the data controller for personal data processed through the Bank Account Analyser service. Contact: privacy@crackleai.co.uk.

2. Data We Collect

  • Account data: Name, email address, organisation (auto-detected from email domain)
  • Bank statement data: Transaction details (dates, descriptions, amounts, balances) extracted from uploaded PDFs. Documents are processed as uploaded — you are responsible for redacting any personally identifiable information before uploading.
  • Usage data: Job history, credit transactions, classification edits
  • Technical data: Authentication cookies (session management only)

3. Legal Basis

We process your data on the following legal bases:

  • Contract: Processing is necessary to provide the Service you have requested
  • Legitimate interest: Service improvement, fraud prevention, and security

4. Data Retention

Uploaded bank statements and extracted transaction data are automatically deleted 90 days after processing. Account data is retained while your account is active. You may request deletion of your account and all associated data at any time.

5. Third-Party Processors

We use the following third-party services to deliver the Service. All processors are GDPR-compliant and process data within the EU or under adequate safeguards:

  • Supabase (EU region) - Database, authentication, file storage
  • Stripe - Payment processing
  • OpenRouter - AI/LLM processing for transaction classification
  • n8n Cloud - Workflow automation for PDF processing
  • Vercel - Application hosting
  • Resend - Transactional emails

6. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interest

To exercise these rights, contact privacy@crackleai.co.uk or use the data management options in your account settings.

7. Cookies

We use only essential cookies for authentication session management. We do not use tracking, analytics, or advertising cookies. See our Cookie Policy for details.

8. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS) and row-level security in our database. You are responsible for redacting any personally identifiable information from documents before uploading them to the Service.

9. Contact

For privacy-related queries, contact our Data Protection Officer at privacy@crackleai.co.uk.

Back to home