Privacy Policy

1. Overview

Banklyze is a product of Thornebridge Holdings LLC (“Thornebridge,” “we,” “us,” or “our”). This Privacy Policy describes how we collect, use, disclose, and protect information obtained through the Banklyze platform located at banklyze.com (the “Service”), including our web application, API, and related services.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you register for or use Banklyze, we may collect:

• Full name, email address, and phone number
• Company name, job title, and business address
• Login credentials (passwords are hashed and never stored in plaintext)
• Billing and payment information (processed by our third-party payment processor)

2.2 Financial Documents & Data

In the course of providing our statement analysis services, you may upload:

• Bank statements (PDF, scanned, or digital formats)
• Business financial records and transaction data
• Merchant processing statements

Important: Uploaded bank statements are processed by our AI-powered analysis engine to extract transaction data, calculate financial metrics, and generate underwriting recommendations. We do not use your uploaded financial documents for any purpose other than providing the Service to you.

2.3 Usage Data

We automatically collect information about how you interact with the Service, including:

• IP address, browser type, operating system, and device information
• Pages viewed, features used, and time spent on the platform
• API request logs (endpoints called, response times, error rates)
• Referring URLs and search terms that led you to our site

2.4 Cookies & Similar Technologies

We use cookies and similar tracking technologies to maintain session state, remember preferences, and analyze usage patterns. See Section 8 for details.

3. How We Use Your Information

We use the information we collect to:

• Provide the Service — Process and analyze uploaded bank statements, generate financial metrics, produce underwriting recommendations and deal reports
• Maintain your account — Authenticate users, manage subscriptions, and provide customer support
• Improve the Service — Analyze usage patterns to improve performance, fix bugs, and develop new features
• Communicate with you — Send service-related notices, security alerts, and (with your consent) product updates
• Ensure security — Detect and prevent fraud, abuse, and unauthorized access to the platform
• Comply with legal obligations — Meet regulatory requirements, respond to legal process, and enforce our terms

4. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information or financial data to third parties. We may share information only in the following circumstances:

• Service providers — We work with trusted third-party vendors who assist in operating the Service (e.g., cloud hosting, payment processing, AI model providers). These vendors are contractually obligated to protect your data and use it only for the purposes we specify.
• AI processing — Uploaded bank statement text may be sent to third-party AI providers for structured data extraction. This data is transmitted securely, processed ephemerally, and is not used to train AI models.
• Within your organization — If you use Banklyze as part of a team or company account, authorized administrators in your organization may access deal data and reports created by team members.
• Legal requirements — We may disclose information if required by law, subpoena, court order, or government request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers — In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership.

5. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit — All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
• Encryption at rest — Uploaded documents and extracted financial data are encrypted at rest using AES-256 encryption
• Access controls — Role-based access controls, API key authentication, and rate limiting protect against unauthorized access
• Infrastructure security — Our application runs on SOC 2-compliant cloud infrastructure with regular security audits
• Password security — User passwords are salted and hashed using industry-standard algorithms; we never store plaintext passwords

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly notifying affected users in the event of a data breach.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Account data — Retained for the duration of your active account, plus 30 days after account deletion to allow for recovery
• Uploaded documents — Bank statement PDFs are retained for the duration of the associated deal. You may delete individual deals and their associated documents at any time.
• Extracted financial data — Transaction records and analysis results are retained as part of the deal record until the deal is deleted
• Usage logs — API logs and usage analytics are retained for 90 days for operational purposes
• Audit trails — Certain records may be retained longer as required by applicable law or regulation

7. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate or incomplete personal data
• Deletion — Request deletion of your personal data, subject to legal retention requirements
• Portability — Request a copy of your data in a structured, machine-readable format
• Opt out of marketing — Unsubscribe from promotional emails at any time via the link in any marketing email
• Withdraw consent — Where processing is based on consent, you may withdraw that consent at any time

To exercise any of these rights, please contact us at the address listed in Section 12.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and share, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

8. Cookies & Tracking Technologies

We use the following types of cookies:

• Essential cookies — Required for the Service to function (e.g., session authentication, CSRF protection). These cannot be disabled.
• Analytics cookies — Help us understand how users interact with the Service so we can improve it. These are anonymized and do not track you across other websites.
• Preference cookies — Remember your settings and preferences (e.g., theme, dashboard layout).

We do not use third-party advertising cookies or cross-site tracking technologies. You can manage cookie preferences through your browser settings.

9. Third-Party Services

The Service may integrate with or link to third-party services. These include:

• AI model providers — AI-powered text extraction and analysis of bank statement data
• Cloud infrastructure providers — Secure hosting and data storage
• Payment processors — Secure billing and subscription management

Each third-party service is governed by its own privacy policy. We encourage you to review their policies. We select partners who maintain strong data protection standards and enter into data processing agreements where applicable.

10. Children's Privacy

Banklyze is a business-to-business platform designed for use by financial professionals. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected data from a minor, we will promptly delete it. If you believe a minor has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by posting the updated policy on this page with a new “Last Updated” date. For significant changes, we may also notify you via email or an in-app notification.

Your continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your information, please contact us: