Privacy Policy

Information We Collect

We collect only the minimum information necessary to provide and improve the Service:

• Account Information. When you create an account, we collect your email address and an encrypted password. We do not require your name, phone number, or billing address.

• Uploaded Files. PDF files you submit for conversion are processed in memory and temporarily stored on our servers for the duration of the conversion. Files are automatically deleted as soon as processing completes. If processing does not complete within 30 minutes, the job is terminated and the file is deleted immediately.

• Usage Data. We track the number of PDFs processed, page counts, and conversion outcomes to enforce plan limits and monitor service health. We do not log the contents of your statements.

• Technical Data. When you visit the Service, we automatically collect your IP address, browser type, device type, and general location (country-level) for security and performance monitoring.

• Cookies. We use the following cookies: pera_anon_id — anonymous session cookie with a 365-day expiry, set with the httponly flag; pera_token — authentication cookie, session-based (cleared when you close your browser), set with httponly and secure (in production) flags.

How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service

• Process your PDF conversions and deliver CSV output files

• Authenticate your account and enforce plan limits

• Communicate with you about your account or service updates

• Detect and prevent fraud, abuse, or security breaches

• Improve the Service through aggregated, anonymized analytics

Third-Party Service Providers

We rely on the following third-party service providers to operate the Service:

Both providers operate under their respective privacy policies and data processing agreements. Neither provider retains your data beyond the duration of the API request.

Data Storage & Security

PDF content is sent to Fireworks AI for AI-based transaction extraction. This processing occurs in real-time and Fireworks AI does not persist your data after the request completes.

We implement industry-standard security measures including:

• All data in transit is encrypted using TLS. Connections to our service and to our third-party providers (Supabase, Fireworks AI) use HTTPS.

• Uploaded files and generated CSVs are encrypted at rest on our servers using AES encryption. User account data stored with our authentication provider (Supabase) is encrypted at rest per their security practices.

• Automatic file deletion immediately after processing (30-minute maximum timeout)

• We employ automated code analysis and dependency scanning as part of our development process.

Data Retention

We retain your information only for as long as necessary:

• Uploaded PDFs: Deleted immediately after processing. If processing exceeds 30 minutes, the job is terminated and the file is deleted.

• Generated CSVs: CSVs are available for download for a limited time and then permanently deleted.

• Account Data: Retained while your account is active. You can request deletion at any time.

• Usage Logs: Usage logs are retained for the lifetime of your account and deleted upon account deletion.

Your Rights

In accordance with the Data Privacy Act of 2012 (Republic Act No. 10173), you have the right to:

• Access the personal data we hold about you

• Request correction of inaccurate or incomplete data

• Request deletion of your personal data

• Withdraw consent for data processing

• Lodge a complaint with the National Privacy Commission

Contact Us

If you have any questions or concerns about this Privacy Policy or your personal data, you may contact our Data Protection Officer at:

privacy@peratodata.com

pera-to-data
Unit 12B, One Ayala Tower
Makati City, 1226
Philippines