Statement Flowz
Pricing
Back to Statement Flowz

Privacy Policy

Orbitech LLC · Last updated: April 24, 2026

Orbitech LLC (“Orbitech,” “we,” “us”) operates Statement Flowz (“Service”). This Privacy Policy explains how we handle personal information when you use the Service, including our website, authentication, and subscription billing. Capitalized terms not defined here have the meaning in our Terms of Service.

1. What we process

Depending on how you use the Service, we may process:

  • Account and contact data: e.g. email address, name (if provided), and authentication identifiers (via our auth provider and database).
  • Statement files and parsed output in memory/temporarily on servers: when you upload a PDF, we process it to return a preview and allow export. The Service is not designed to retain your statement PDFs or row-level financial data as a permanent archive. Treat exports as the durable copy for your records.
  • Usage and subscription data: e.g. number of conversion events for free-tier limits, subscription status, and payment-related identifiers (via Polar, our payment provider).
  • Technical data: e.g. IP address, device/browser type, and logs for security, debugging, and abuse prevention, typically retained for a limited period.

2. How we use information

We use the above to:

  • Provide, operate, and improve the Service (including parsing, previews, and exports).
  • Authenticate you, protect accounts, and enforce our Terms and acceptable use.
  • Process payments and maintain subscription records (via Polar and our application database).
  • Send transactional messages (e.g. sign-in codes, receipts, and essential service notices).
  • Comply with law, respond to valid legal requests, and protect rights and safety.

We do not sell your personal information for money. We do not use your uploaded statement content to train public machine-learning models. Parsing is performed with deterministic tools on the Service; you should review exports for accuracy.

3. Subprocessors and service providers

We use trusted service providers to run the Service. These may include: hosting and database (e.g. Vercel, Neon/PostgreSQL), email delivery (e.g. Resend), and payment and subscription management (e.g. Polar / polar.sh). Each processes data under our instructions and suitable contractual terms where required. Their privacy policies govern their use of your data in their role as a processor.

4. Legal bases (EEA/UK, where applicable)

Where the GDPR/UK GDPR applies, we process personal data on the following bases, as appropriate:

  • Performance of a contract (providing the Service you request).
  • Legitimate interests (security, product improvement, fraud prevention), balanced against your rights.
  • Legal obligation (compliance with law).
  • Consent, where we rely on it (e.g. certain cookies or marketing, if we offer them).

5. Retention

We retain account and subscription records for as long as your account is active and as needed for business, tax, and legal requirements. We design the Service to avoid storing your statement content as a long-term data lake; logs and backups may exist for a limited time for security and operations. You may request deletion of your account subject to our legal retention obligations.

6. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or port your data; object to or restrict certain processing; and withdraw consent where applicable. You may also lodge a complaint with a supervisory authority. To exercise these rights, contact legal@orbitech.com. We will respond in accordance with applicable law.

7. International transfers

If you access the Service from outside the country where we host data, your information may be processed in the United States or other countries where we or our providers operate. We use appropriate safeguards (e.g. standard contractual clauses) where required.

8. Children

The Service is not directed to children under 16 (or a higher age if required in your region). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

9. Security

We use reasonable technical and organizational measures to protect the Service, including transport encryption and access controls. No method of transmission or storage is 100% secure; you use the Service at your own risk as described in our Terms.

10. California residents (summary)

If the California Consumer Privacy Act (CCPA) as amended applies, you may have the right to know, delete, and correct personal information, and to opt out of “sale” or “sharing” for cross-context advertising. We do not sell your personal information in the conventional sense. For requests, use legal@orbitech.com. We will not discriminate against you for exercising your rights.

11. Changes to this policy

We may update this Privacy Policy. We will post the new version and update the “last updated” date. For material changes, we may provide additional notice.

12. Contact

Orbitech LLC · legal@orbitech.com

Questions? legal@orbitech.com

Privacy Policy | Statement Flowz