Last updated: April 2026
We only collect what we need to generate your report. Here is every data point we collect and its purpose:
| Data | Purpose | Required? |
|---|---|---|
| Full name | Label your report, personalise emails | Yes |
| Email address | Deliver your report and support emails | Yes |
| Trade / industry | Improve categorisation accuracy (e.g. Bunnings for a builder = business) | Yes |
| Financial year | Filter and group transactions to the correct period | Yes |
| Business structure | Adjust categorisation rules (sole trader vs Pty Ltd) | Yes |
| Bank statement data (transaction dates, descriptions, amounts) | Parse and categorise your transactions | Yes |
| Accountant email | CC your accountant on the report (if provided) | No |
| Subcontractor names | Identify subcontractor payments for TPAR totals | No |
| Notes | Provide additional context for categorisation | No |
| Receipt images | Extract purchase details for expense matching | No |
We never have access to your bank login, account numbers, BSB numbers, passwords, or credit card numbers. Bank CSV exports simply don't contain this information. For PDF statements, we strip headers and footers and only extract transaction rows — no account numbers, BSBs, or PINs are sent to any third party.
Your transaction data is used for one purpose only: to categorise your transactions and generate your report. Specifically:
Your transaction data is processed by Anthropic (United States) via their Claude API for categorisation. Anthropic does not use API data for model training. The following data is sent:
The following is never sent to Anthropic:
Data is processed and returned within seconds. See Anthropic's privacy terms at privacy.anthropic.com.
When we send you your report, a copy is BCC'd to our support inbox (hello@sortmystatement.com.au) for customer support purposes. These copies are retained for up to 90 days and then deleted. If you'd prefer we don't keep a support copy, email us before uploading.
Your uploaded files and generated reports are stored on Vercel's infrastructure (powered by AWS). All data is transmitted over SSL encryption.
Your uploaded bank statements are deleted from our servers after your report is generated. Your report is stored for 30 days then permanently deleted. No exceptions.
SortMyStatement does not require you to create an account, set a password, or log in. We do not use advertising cookies or tracking pixels. We do not run Google Analytics or Facebook Pixel.
Under the Australian Privacy Principles, you have the right to access and correct any personal information we hold about you. Since we delete your data within 30 days and don't maintain accounts, there is typically nothing to access. If you need anything deleted sooner, email us.
If you have questions about your data or want it deleted immediately, email us at hello@sortmystatement.com.au.