Data Processing Addendum Summary

1. Roles

For customer-uploaded documents, the customer acts as the data controller and Parse My Statement acts as the data processor.

2. Subject matter and duration

Processing covers uploaded statement files and derived structured outputs for the purpose of document conversion, export generation, account administration, billing, and service security. Processing continues only for the duration needed to provide the service, including the up-to-24-hour retention window for uploaded PDFs and generated outputs.

3. Categories of data

Categories may include names, account identifiers, transaction descriptions, dates, references, balances, amounts, and related financial document metadata contained in uploaded statements.

4. Subprocessors

• OpenAI for structured extraction and normalization.
• Mistral AI for OCR on scanned PDFs.
• Hosting, database, and queue infrastructure providers used to operate the application environment.
• Authentication and payment providers used when customers create accounts or purchase subscriptions.

5. Processor commitments

Parse My Statement will process customer data only to provide the service, follow documented customer instructions as reflected in product use, apply reasonable security measures, and delete short-lived stored data according to the service retention schedule.

6. Customer responsibilities

Customers are responsible for ensuring they have a lawful basis to upload and process the data, for configuring their own downstream storage and deletion practices, and for reviewing AI-generated outputs before operational use.

7. Formal DPA requests

If your procurement or legal team requires a signed DPA, use this page as the public summary and provide your contract contact through the support or founder contact channel for a formal review.