StatemAIntStatemAInt
Back to home

Privacy policy

Last updated: 10 May 2026

1. Overview

StatemAInt ("we", "us", "our") operates the platform at statemaint.com and app.statemaint.com. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our AI-powered bank statement analysis platform.

By accessing or using our services, you agree to the data practices described in this policy. If you do not agree, please do not use our services.

2. Information we collect

2.1 Information you provide

  • Account information: Name, email address, and organisation details provided when you register for an account or book a demo.
  • Bank statement documents: PDF bank statements that you upload for extraction, review, and analysis. These documents contain transaction data, account details, and other financial information.
  • Review inputs: Corrections, edits, and advisor decisions you make during the review workflow, including audit comments and reasons for changes.
  • Communications: Records of correspondence when you contact our support team via email or through the platform.

2.2 Information collected automatically

  • Usage data: Pages visited, features used, session duration, and interaction patterns within the platform.
  • Device and browser information: Browser type, operating system, device type, and IP address.
  • Cookies and local storage: Session tokens for authentication, theme preferences, and analytics identifiers. See our cookie practices in Section 7.

2.3 Information from third parties

We may receive information from identity verification services, authentication providers (such as Google OAuth), and analytics platforms. When you use single sign-on, the provider shares only your email address and basic profile information with us.

3. How we use your information

We use collected information for the following purposes:

  • Service delivery: Processing uploaded documents, running extraction and analysis workflows, generating advisor suggestions, and producing structured lending analysis outputs.
  • Account management: Authenticating sessions, managing team access, and maintaining your workspace.
  • Improvement and development: Analysing usage patterns to improve extraction accuracy, enhance advisor suggestions, and develop new features.
  • Communication: Sending service-related notifications, responding to support requests, and providing information about platform updates.
  • Security and compliance: Detecting unauthorised access, enforcing acceptable use, and meeting regulatory obligations applicable to financial data handling.

4. Data processing details (AI and LLMs)

StatemAInt uses large language models (LLMs) and AI systems to extract, analyse, and review bank statement data. This section explains how these systems process your information.

4.1 Document extraction

When you upload a bank statement, our extraction pipeline processes the document to identify and extract transaction rows, dates, amounts, and descriptions. This processing happens using a combination of document parsing technology and LLM-based extraction. The extracted data is stored in your workspace for review.

4.2 Analysis and advisor suggestions

Our analysis engine processes reviewed transaction data to produce categorisations, anomaly detection, affordability indicators, risk markers, and structured lending analysis. The advisor feature generates correctness checks and lending-relevant review suggestions.

4.3 LLM data handling

  • No training on your data: We do not use your bank statement documents, extracted transaction data, or review decisions to train or fine-tune the underlying LLMs.
  • Processing location: LLM processing is performed through API calls to our contracted model provider. Data is transmitted over encrypted connections and is not retained by the model provider beyond the processing window.
  • Local processing option: Self-hosted deployments can use locally running models (e.g., via Ollama) so that no data leaves your infrastructure.

5. Data sharing and disclosure

We do not sell your personal or financial data. We share information only in the following circumstances:

  • Service providers: Third parties that help us operate the platform, including cloud hosting providers, LLM API providers, and analytics services, under strict data processing agreements.
  • Legal requirements: When required by law, court order, or regulatory authority, particularly in jurisdictions with financial data disclosure obligations.
  • Business transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to the acquiring entity under equivalent privacy protections.
  • With your consent: When you have given explicit permission for a specific disclosure.

6. Data security

  • Encryption at rest and in transit: All data stored in our systems is encrypted at rest. All connections to our platform use TLS 1.2 or higher.
  • Access controls: Role-based access ensures that only authorised team members can view or modify financial data.
  • Session security: Authentication sessions are managed via HTTP-only signed cookies with configurable expiry.
  • Audit logging: Transaction edits, advisor decisions, and significant actions are logged with actor identity and timestamps for traceability.

While we take reasonable measures to protect your information, no system is completely secure. We encourage you to use strong passwords and to contact us immediately if you suspect unauthorised access.

7. Cookies and tracking

We use a minimal set of cookies and local storage:

  • Essential cookies: Session authentication tokens (HTTP-only, signed) required to operate the platform. These cannot be disabled without losing access to authenticated features.
  • Preference storage: Theme preference (light/dark) stored in local storage. This is not transmitted to our servers.
  • Analytics: We use privacy-respecting analytics (Vercel Analytics) that do not use cross-site tracking cookies and do not build individual user profiles for advertising.

We do not use advertising cookies, retargeting pixels, or sell data to advertising networks.

8. Data retention

  • Uploaded documents: Bank statement PDFs are retained for the duration of your active subscription and for 90 days after account closure, after which they are permanently deleted.
  • Extracted data and review history: Transaction extractions, edits, and advisor decisions are retained for the duration of your subscription and for 90 days after closure.
  • Account information: Basic account details are retained while your account is active. Upon request, we will delete your account data within 30 days.
  • Analytics data: Aggregated, anonymised usage data may be retained indefinitely for service improvement.

9. Your rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Data portability: Receive your data in a structured, machine-readable format (CSV export is available within the platform).
  • Objection: Object to processing of your data in certain circumstances, such as direct marketing.
  • Restriction: Request that we limit how we process your data pending resolution of a concern.

To exercise any of these rights, contact us at hello@statemaint.com. We will respond to all verified requests within 30 days.

10. International data transfers

StatemAInt is operated from Australia. Your data may be processed and stored on servers in Australia and other jurisdictions where our service providers operate. When data is transferred outside Australia, we ensure appropriate safeguards are in place, including standard contractual clauses and data processing agreements with our providers.

11. Children's privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

12. Changes to this policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact us

If you have questions about this privacy policy or our data practices, please contact us at:

Questions about this policy? Reach out to our team.

Contact us