Privacy Policy

Last updated: June 4, 2026

This Privacy Policy explains how StatementLock collects, uses, and protects your information when you use our website and application at statementlock.com (the "Service"). StatementLock is operated by Makerlow LLC, a limited liability company organized in Michigan, United States. By using the Service, you agree to the practices described here.

The short version: your statement PDFs are processed on your own device and are never uploaded to us. We keep your account and billing details to run your subscription, and we send only de-identified transaction text to our AI provider to generate categories and reports. We do not sell your data.

1. Information we collect

We collect the following when you use the Service:

  • Account information — through our authentication provider (Clerk): your name and email address. Your password is managed by Clerk and is never visible to us.
  • Payment information — through our payment processor (Stripe): when you subscribe, Stripe collects and processes your card details. We do not receive or store your full card number; we keep only a Stripe customer reference and your subscription status.
  • Usage information — basic counts of how often you use certain features (for example, how many statements you have analyzed) and your trial and subscription status.
  • Statement data — handled as described in section 2 below.
  • Technical information — standard server logs from our hosting provider (Vercel) and the essential cookies described in section 8.

2. How your statement data is handled

This is the most important part, so we want to be precise:

  • Your statement PDFs are opened and read entirely within your web browser. The PDF file itself is never uploaded to or stored on our servers.
  • Before any information leaves your device, personal identifiers are removed from the statement text.
  • To provide the extraction, categorization, and report features, de-identified transaction details — such as dates, amounts, and merchant or description text — are sent through our processing endpoint to our AI provider (Anthropic) to generate results. That endpoint does not log or store this data, and we do not retain your statement data on our servers.
  • The results — your categorized transactions and reports — are stored locally in your browser, on your device, not in our database.
  • Please note that even de-identified transaction text can include merchant names, locations, dates, and dollar amounts. If you would prefer not to share this with our AI provider, do not use the AI extraction, categorization, or report features.

3. How we use your information

We use the information we collect to operate and provide the Service; create and manage your account; process subscription payments and help prevent fraud (through Stripe); send transactional emails such as sign-up confirmations and trial reminders (through Resend); respond to your support requests; maintain the security of the Service; and comply with our legal obligations.

4. Service providers we rely on

We use trusted third parties to operate the Service, each handling data under its own privacy practices: Clerk (authentication), Stripe (payment processing), Supabase (database for account and subscription data), Resend (transactional email), Anthropic (AI processing of de-identified transaction data), and Vercel (hosting). We do not sell your personal information to anyone.

5. Data retention

We keep your account and subscription information for as long as your account is active and as needed to provide the Service or to meet legal, tax, and accounting requirements. Because your statement data is stored in your own browser, you can remove it at any time by clearing the application's data in your browser. If you delete your account, we delete your account and subscription records, subject to any retention period our payment processor requires for financial records.

6. Security

We protect your information using encryption in transit (HTTPS) and reputable infrastructure providers. However, no method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security.

7. Your choices and rights

You can access or update your account details, or request deletion of your account and associated data, by emailing support@statementlock.com. Depending on where you live, you may have additional rights over your personal data — such as the right to access, correct, delete, or port it. Contact us and we will respond as required by applicable law.

8. Cookies

We use only the cookies necessary to run the Service — for example, to keep you signed in (Clerk) and to help prevent payment fraud (Stripe). We do not use advertising cookies.

9. Children's privacy

The Service is not directed to anyone under 18, and we do not knowingly collect personal information from children. If you believe a minor has provided us with information, please contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with a new "Last updated" date, and we may notify you of material changes by email.

11. Contact us

If you have any questions about this Privacy Policy, email us at support@statementlock.com.

© 2026 StatementLockTerms of ServicePrivacy Policysupport@statementlock.com